formbook

General

Target

38016d49c2c7455dc7bb9db0061872032c2041f7266801fadc404e7b0bf6c40e
Size

399KB
Sample

240903-vz5spstalg
MD5

d7c0fe8c96a507000c4c9b00b80190e4
SHA1

e6cbe2e13d1083ee283a141ae847d452a07752bf
SHA256

38016d49c2c7455dc7bb9db0061872032c2041f7266801fadc404e7b0bf6c40e
SHA512

745abe5b834874c1af1c2a8a0e1ed913f127e44ce2c62d9eac4a67f66c877c52812179f6afe2d6abe939be9ae52d671820e57b66ba748b3b883582cc70708f2c
SSDEEP

6144:75wPrtNT0bmE7kEY1oBPR+TC96s5MrKPZNxKQzo1oRd/EsSQ8n81A2J9ZDwgF67:NwPrtx01kQwTS5Mc/E1WcsSQ1/wgFe

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cnp0

Decoy

jiarenyuanhunlian.com

xquizitelashesnwaxx.com

rentinerie.com

herbalpedia-id.com

openseagames.com

re-swap.com

william-cook.com

segensv.com

versebay.com

brendanlairdsound.com

bypestor.com

hospitaldelpc.net

wwwroadrunnerfinancial.com

waterhammerstudios.com

hustleandbank.photography

secure01bchslogin.com

rarepeperanking.com

greatland.company

happybirthdayjewel.com

raheok.store

Targets

- Target
  
  25e5055023abbb8c18992618b6f04c94b8b13ff8bd33d4a4f8462d92902461bf
- Size
  
  460KB
- MD5
  
  4bc84a1a436c849698fd54c0f921c2a1
- SHA1
  
  c7c7cb7b33da65ffc53ff9351b56802cb1561560
- SHA256
  
  25e5055023abbb8c18992618b6f04c94b8b13ff8bd33d4a4f8462d92902461bf
- SHA512
  
  c86ec6b9fef554818af6aacdc7df24bb7ad1813390f6e708c7b9cd385a274286419c3f738d55ef411a1be82cbf462e483525ef20e27a4b6b24ceb4fc99001f19
- SSDEEP
  
  12288:AUi2iNGOScG5vuP/0LdXxotCd76avsgLzK:AUi1AXHI/0v7/TLzK
Score

10^/10

formbook cnp0 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2