formbook

General

Target

yiLe926pJsBgixu.exe
Size

648KB
Sample

240531-jh4crsbe41
MD5

b5c6dfe319520065564fa342e1350b9e
SHA1

949eecf1075c49cfbfd6bb843dcbf0436660aac2
SHA256

93b04d266b5fddd03311c3d22a2a37ab451a3a0c6e1a28ebc2764ee5691e3291
SHA512

268f3d739f7397e384a3f5e462ba56f1ee9b8208e0041c52f19eccf136b32bb80f6cfb2dd1a1f5612ad42caffa55fbe24dc1787fdb4cdfcd29dfca38b01bbadb
SSDEEP

12288:CPOc0ArVAW0Ez3WZY6mCYNkMx9Dsa7Qq/be:fihvF3WZYUYSMDsN

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cr12

Decoy

nff1291.com

satyainfra.com

hechiceradeamores.com

jfgminimalist.com

qut68q.com

pedandmore.com

sugardefender24-usa.us

somalse.com

lotusluxecandle.com

certificadobassetpro.com

veryaroma.com

thehistoryofindia.in

33155.cc

terastudy.net

84031.vip

heilsambegegnen.com

horizon-rg.info

junongpei.website

winstons.club

henslotalt.us

Targets

- Target
  
  yiLe926pJsBgixu.exe
- Size
  
  648KB
- MD5
  
  b5c6dfe319520065564fa342e1350b9e
- SHA1
  
  949eecf1075c49cfbfd6bb843dcbf0436660aac2
- SHA256
  
  93b04d266b5fddd03311c3d22a2a37ab451a3a0c6e1a28ebc2764ee5691e3291
- SHA512
  
  268f3d739f7397e384a3f5e462ba56f1ee9b8208e0041c52f19eccf136b32bb80f6cfb2dd1a1f5612ad42caffa55fbe24dc1787fdb4cdfcd29dfca38b01bbadb
- SSDEEP
  
  12288:CPOc0ArVAW0Ez3WZY6mCYNkMx9Dsa7Qq/be:fihvF3WZYUYSMDsN
Score

10^/10

formbook cr12 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2