formbook

General

Target

3cadb32dafeb421b94c09ca30944385141cbd4b032589b92bac948f27c287dfd.exe
Size

591KB
Sample

240529-bqjz4add37
MD5

c9d5f9d20dd66ef3e2329b8a26f01af8
SHA1

d28d94662a5e84ad0ae68f35979782fa3344304c
SHA256

3cadb32dafeb421b94c09ca30944385141cbd4b032589b92bac948f27c287dfd
SHA512

3d54cb4223610f8e15336101dc946a533f839ec6d0d55a8a4143a8e99bf4bf3f0e70aacad80a5dee62619f19bbda845e6a65b76f0d10ab5d52feac2bb32b7dd1
SSDEEP

12288:luarYCFd6xuo/q3dk4vD7PDFoHBQKjX2q+hS1uv4S/LNApBxO:z81xTy3i4v/DFoHBTQh+uv4S/pApBxO

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cr12

Decoy

nff1291.com

satyainfra.com

hechiceradeamores.com

jfgminimalist.com

qut68q.com

pedandmore.com

sugardefender24-usa.us

somalse.com

lotusluxecandle.com

certificadobassetpro.com

veryaroma.com

thehistoryofindia.in

33155.cc

terastudy.net

84031.vip

heilsambegegnen.com

horizon-rg.info

junongpei.website

winstons.club

henslotalt.us

Targets

- Target
  
  3cadb32dafeb421b94c09ca30944385141cbd4b032589b92bac948f27c287dfd.exe
- Size
  
  591KB
- MD5
  
  c9d5f9d20dd66ef3e2329b8a26f01af8
- SHA1
  
  d28d94662a5e84ad0ae68f35979782fa3344304c
- SHA256
  
  3cadb32dafeb421b94c09ca30944385141cbd4b032589b92bac948f27c287dfd
- SHA512
  
  3d54cb4223610f8e15336101dc946a533f839ec6d0d55a8a4143a8e99bf4bf3f0e70aacad80a5dee62619f19bbda845e6a65b76f0d10ab5d52feac2bb32b7dd1
- SSDEEP
  
  12288:luarYCFd6xuo/q3dk4vD7PDFoHBQKjX2q+hS1uv4S/LNApBxO:z81xTy3i4v/DFoHBTQh+uv4S/pApBxO
Score

10^/10

formbook cr12 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2