formbook

General

Target

70ec27a0cb26c73b7dfe3d665a87234c55864972da956c4aca69393efc74c765.exe
Size

1.1MB
Sample

240807-b3h9bs1ang
MD5

b81b2efb25b5fc8ef39c47adc71f4f0a
SHA1

01bdbc997333aec6197832be7a57c87e777ab007
SHA256

70ec27a0cb26c73b7dfe3d665a87234c55864972da956c4aca69393efc74c765
SHA512

a0f9851855321300710b5f98c3886eab042cf851363710f48fd8ce2eef1de2348831828e2644011dadbe2af30c093a984268e86afa15400c8f176bb5c7e71f56
SSDEEP

24576:VqDEvCTbMWu7rQYlBQcBiT6rprG8aeraZ4gB0c2eV:VTvC/MTQYxsWR7aeYBD2

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jd21

Decoy

bankownedproperties-0.bond

slab-leak-repair-74697.bond

tvtwenty20sr.top

scw-iot.net

circusenergy.online

030002787.xyz

propertiesforrentus11.bond

defi-banksystem.online

gkbet168.net

joycasino-ed46.top

sctttc-or.top

borghardt.xyz

therealtorpeddler.info

macexpress.online

bobbyharvey.store

dating-dd-de.info

thetrue.one

alqahtani.site

mahlubini.africa

truck-driver-jobs-42274.bond

Targets

- Target
  
  70ec27a0cb26c73b7dfe3d665a87234c55864972da956c4aca69393efc74c765.exe
- Size
  
  1.1MB
- MD5
  
  b81b2efb25b5fc8ef39c47adc71f4f0a
- SHA1
  
  01bdbc997333aec6197832be7a57c87e777ab007
- SHA256
  
  70ec27a0cb26c73b7dfe3d665a87234c55864972da956c4aca69393efc74c765
- SHA512
  
  a0f9851855321300710b5f98c3886eab042cf851363710f48fd8ce2eef1de2348831828e2644011dadbe2af30c093a984268e86afa15400c8f176bb5c7e71f56
- SSDEEP
  
  24576:VqDEvCTbMWu7rQYlBQcBiT6rprG8aeraZ4gB0c2eV:VTvC/MTQYxsWR7aeYBD2
Score

10^/10

formbook jd21 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2