formbook

General

Target

ea178499cdcfd15865978d5deb8f2c20_NeikiAnalytics.exe
Size

841KB
Sample

240526-xdxlbafh6w
MD5

ea178499cdcfd15865978d5deb8f2c20
SHA1

abb69aa28efbcd0c4316092f86b4a7a8bfa46065
SHA256

c49144d5230e65bdd212567dfc8dae95f41ae9ee4860344edc83555656dbc4c7
SHA512

ebc012339713f31f420b6a1d3225646d6e051e79ffa7d656243909d399edbdfd27036a6b0a5e43229f0eff5440d2c1d02613700cc3b9d2c73ab3271164537407
SSDEEP

12288:mIhwd62Ykh5M7Evm38LIAufALnGTaSsMDY0igpaKNlcZ7JWV8u/UPnp:mIeMkh5oEukLG4hpgkKN47JWV8u/A

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cr12

Decoy

nff1291.com

satyainfra.com

hechiceradeamores.com

jfgminimalist.com

qut68q.com

pedandmore.com

sugardefender24-usa.us

somalse.com

lotusluxecandle.com

certificadobassetpro.com

veryaroma.com

thehistoryofindia.in

33155.cc

terastudy.net

84031.vip

heilsambegegnen.com

horizon-rg.info

junongpei.website

winstons.club

henslotalt.us

Targets

- Target
  
  ea178499cdcfd15865978d5deb8f2c20_NeikiAnalytics.exe
- Size
  
  841KB
- MD5
  
  ea178499cdcfd15865978d5deb8f2c20
- SHA1
  
  abb69aa28efbcd0c4316092f86b4a7a8bfa46065
- SHA256
  
  c49144d5230e65bdd212567dfc8dae95f41ae9ee4860344edc83555656dbc4c7
- SHA512
  
  ebc012339713f31f420b6a1d3225646d6e051e79ffa7d656243909d399edbdfd27036a6b0a5e43229f0eff5440d2c1d02613700cc3b9d2c73ab3271164537407
- SSDEEP
  
  12288:mIhwd62Ykh5M7Evm38LIAufALnGTaSsMDY0igpaKNlcZ7JWV8u/UPnp:mIeMkh5oEukLG4hpgkKN47JWV8u/A
Score

10^/10

formbook cr12 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2