formbook

General

Target

5c9ae21073af32232996e56ea997bd90f612831cc82809260bc47d83cfe291f6
Size

462KB
Sample

240901-bzz3nsxdnj
MD5

8e0b6929e920d0d1a6211164bc43e18a
SHA1

b357b2715bb8369c02622a054c054aeceea1bac3
SHA256

5c9ae21073af32232996e56ea997bd90f612831cc82809260bc47d83cfe291f6
SHA512

c4b2b489ec663254df42b82a81c9e8c16808b5e0d901b4d6415174f12fc016acd84ab2ab1794d74d8a128038fd69e6900b6acbc6bd9efbda2693763054d5e96d
SSDEEP

12288:YWP84smPe53utu/30ieCUKfk9eUs7q+G1kU8L5nouEhGkZUBSYcLeSR36d11:YWPsmPeButu/oOy2q+G5WxzEBrLeSRqV

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cnp0

Decoy

jiarenyuanhunlian.com

xquizitelashesnwaxx.com

rentinerie.com

herbalpedia-id.com

openseagames.com

re-swap.com

william-cook.com

segensv.com

versebay.com

brendanlairdsound.com

bypestor.com

hospitaldelpc.net

wwwroadrunnerfinancial.com

waterhammerstudios.com

hustleandbank.photography

secure01bchslogin.com

rarepeperanking.com

greatland.company

happybirthdayjewel.com

raheok.store

Targets

- Target
  
  8b10a744ecc77aa0c6ed8596d46513a3de252356f9a1b52cc7c6e8ed459c36b9
- Size
  
  922KB
- MD5
  
  abf416a9f8f2da1f9bd6e44a9369ae21
- SHA1
  
  73bdbf62470ebc25850cb22d9c7e3bc2006c9f01
- SHA256
  
  8b10a744ecc77aa0c6ed8596d46513a3de252356f9a1b52cc7c6e8ed459c36b9
- SHA512
  
  75d5eb0f8ffb05299aa2225b61cad1ff24749140d469b130e5d57a5f6ee99a6a727bcbb73595ef8d8d35ecf50a54caab1caaaec604bc6a9dfa12abb351be4638
- SSDEEP
  
  12288:2TDDXJN68jyeZfaGkH7GtKdOv+CbjReMUCPvti/o7qZn57aypHtNpI:2Fr7WH7ndOWCbjZ5Niw7A3a
Score

10^/10

formbook cnp0 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2