formbook

General

Target

b5c54101374cc75a2e4b8960243fbccfe81c267d9e05af3b72e10b2fa812aff5.exe
Size

1.1MB
Sample

240807-mtys7sxdrr
MD5

14876f2aecbf08493108d81f260bfe7a
SHA1

ef0dfe01cecc9972141738f251a235059082b106
SHA256

b5c54101374cc75a2e4b8960243fbccfe81c267d9e05af3b72e10b2fa812aff5
SHA512

aff1f1d1dbc16059a895919a595902db67a59ea3eba46263defed3111a7fb0d3c241237c04a265c8045a6d52e313db6fdbc71ec01626bd30350210818820e774
SSDEEP

24576:xqDEvCTbMWu7rQYlBQcBiT6rprG8af5sFc/sq97F:xTvC/MTQYxsWR7afSckQ7

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jd21

Decoy

thepowerofzeus.com

tampamlr.com

00050591.xyz

dominomusicmktlnc.com

ai-defi.wiki

tyumk.xyz

gbqspj.club

fostertv.net

batremake.com

nelwhiteconsulting.com

amsya.com

urbanholidayz.com

463058.photos

anag-gioielli.com

kjsdhklssk73.xyz

islarenta.com

designed4lifecoaching.com

autohotelsecrets.com

susansellsmarin.com

studyflow.xyz

Targets

- Target
  
  b5c54101374cc75a2e4b8960243fbccfe81c267d9e05af3b72e10b2fa812aff5.exe
- Size
  
  1.1MB
- MD5
  
  14876f2aecbf08493108d81f260bfe7a
- SHA1
  
  ef0dfe01cecc9972141738f251a235059082b106
- SHA256
  
  b5c54101374cc75a2e4b8960243fbccfe81c267d9e05af3b72e10b2fa812aff5
- SHA512
  
  aff1f1d1dbc16059a895919a595902db67a59ea3eba46263defed3111a7fb0d3c241237c04a265c8045a6d52e313db6fdbc71ec01626bd30350210818820e774
- SSDEEP
  
  24576:xqDEvCTbMWu7rQYlBQcBiT6rprG8af5sFc/sq97F:xTvC/MTQYxsWR7afSckQ7
Score

10^/10

formbook jd21 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2