formbook

General

Target

Original Document.r01
Size

609KB
Sample

240530-pebq8sgf7s
MD5

ad3381924027e01c371779c52517fcf6
SHA1

b9fb798646f4023c464b0676da7098da8584c51f
SHA256

ad8df433ca55f75e0d48038c22c2b8e8a0b6695cb3601e447f81b91e410b97d4
SHA512

c1599adb167599d81ab114c8028118cbb5654ac60384280158003b427f48d5e9677a2fe86aa7579d98bd9f24ef1145ef6d7ef6ff2ae756e87df0fac9f557def9
SSDEEP

12288:+pjme7MVPgZ0NtmQOhLo8/Km2ZZW2Wj7aW2B9Hs5iyDjFl5jUIjQIGnpDbb/Bc:+pjm7VPlNtXoV6ZormLsTjFXZGpDbtc

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cr12

Decoy

nff1291.com

satyainfra.com

hechiceradeamores.com

jfgminimalist.com

qut68q.com

pedandmore.com

sugardefender24-usa.us

somalse.com

lotusluxecandle.com

certificadobassetpro.com

veryaroma.com

thehistoryofindia.in

33155.cc

terastudy.net

84031.vip

heilsambegegnen.com

horizon-rg.info

junongpei.website

winstons.club

henslotalt.us

Targets

- Target
  
  qrpeTtY87wetpUB.exe
- Size
  
  640KB
- MD5
  
  632da6b3d20acaebaaaf82ae60270ce0
- SHA1
  
  de0a1cae92d1f5ac0d6055c10e9a559f34c0e1dd
- SHA256
  
  9cfc2c5731c5a52202d43ad545f2256b8e00ce44110b6c8c63584de22fce913d
- SHA512
  
  1847c2fae54c9768c4a4c007f633ffc3dd8c4ad0d205356b6951e4770ca6328edce034f320cda7c3eac81db5094a0879b1e4139baa9b859dfce676c5b02abc00
- SSDEEP
  
  12288:0N4KkzdrJwKcIUPuv07OqH/+uGCuQi9gJfno2VrC4AVW6UMLboHd25hgvd:DcFuv8OqH/gQi98nogCFs6PnoHd4h
Score

10^/10

formbook cr12 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2