formbook

General

Target

yPURXYpFVuXra2o.exe
Size

795KB
Sample

240603-halx3seg5z
MD5

6c73961037087d34597fc8a582388bcc
SHA1

fc96081d921b7f82b9c559ffc335b02364199fd7
SHA256

93815b97bf6c09abc9e705096381dd25b658853e0751f7b95cc51123c251bcf2
SHA512

140b6064ecd453809a8a4a8d0fc1f2c82644fa53324c1d1995d4399f7d4f7db14d22dd6cdd9218c17d3d093e5be84667b0ed8f25690d1add9a3e43aa286536ce
SSDEEP

24576:zMYeWygN5iwSC6OJCa0jIOGFmGJlNmvcu:zMYeqN5idN6X0jvARNmUu

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cr12

Decoy

nff1291.com

satyainfra.com

hechiceradeamores.com

jfgminimalist.com

qut68q.com

pedandmore.com

sugardefender24-usa.us

somalse.com

lotusluxecandle.com

certificadobassetpro.com

veryaroma.com

thehistoryofindia.in

33155.cc

terastudy.net

84031.vip

heilsambegegnen.com

horizon-rg.info

junongpei.website

winstons.club

henslotalt.us

Targets

- Target
  
  yPURXYpFVuXra2o.exe
- Size
  
  795KB
- MD5
  
  6c73961037087d34597fc8a582388bcc
- SHA1
  
  fc96081d921b7f82b9c559ffc335b02364199fd7
- SHA256
  
  93815b97bf6c09abc9e705096381dd25b658853e0751f7b95cc51123c251bcf2
- SHA512
  
  140b6064ecd453809a8a4a8d0fc1f2c82644fa53324c1d1995d4399f7d4f7db14d22dd6cdd9218c17d3d093e5be84667b0ed8f25690d1add9a3e43aa286536ce
- SSDEEP
  
  24576:zMYeWygN5iwSC6OJCa0jIOGFmGJlNmvcu:zMYeqN5idN6X0jvARNmUu
Score

10^/10

formbook cr12 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2