formbook

General

Target

DHL Shipping Documents.exe
Size

601KB
Sample

231012-e2vshsgh46
MD5

ff7a12a393bbeb76d1af987d9950984c
SHA1

914b9190399fbc2e09c5cb5d861cd12c39f9ecff
SHA256

cec022d6875e34bf7b1b9691599cc582b86f7fc7f860b9508f8a676002ae99b6
SHA512

5e7ddd30e6b838ff35436ca8ddbf3a84e073ef61f140fd17223cb81062123d743bbff66a4b148dc8ce1ab66872a387ec6d9fdaf1f818ec113a88c417f335099b
SSDEEP

12288:rtH0/rD6DCA2Z3pzOEvThYIKs9WmPcjYgkrw7cL67r:STDiCA2ZwSKGL0YTrw7G6

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cy12

Decoy

routinelywell.com

traderinformation.com

xv1lz.cfd

elfiensclinic.com

dfwtexasmilitaryagent.com

gb3p8a.com

ofcure.com

kslgd.link

apexassisthubs.com

270hg.com

spacovitta.com

mattress-info-hu-kwu.today

jakestarrbroadcast.com

modestswimwearshop.com

game0814.com

gec.tokyo

growwellnesscoaching.com

thefavoreats.com

gaasmantech.net

mloffers.net

Targets

- Target
  
  DHL Shipping Documents.exe
- Size
  
  601KB
- MD5
  
  ff7a12a393bbeb76d1af987d9950984c
- SHA1
  
  914b9190399fbc2e09c5cb5d861cd12c39f9ecff
- SHA256
  
  cec022d6875e34bf7b1b9691599cc582b86f7fc7f860b9508f8a676002ae99b6
- SHA512
  
  5e7ddd30e6b838ff35436ca8ddbf3a84e073ef61f140fd17223cb81062123d743bbff66a4b148dc8ce1ab66872a387ec6d9fdaf1f818ec113a88c417f335099b
- SSDEEP
  
  12288:rtH0/rD6DCA2Z3pzOEvThYIKs9WmPcjYgkrw7cL67r:STDiCA2ZwSKGL0YTrw7G6
Score

10^/10

formbook cy12 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2