formbook

General

Target

808d60c29c337aea37014a94d88be5b7c297cd814c7c9ae322396d51ae1d97ce
Size

791KB
Sample

240925-e3n2csybke
MD5

97e7f214aaa62fb94c4d5858b3014ba8
SHA1

b7d74564160b24e2fa0d25c40113022684d9681a
SHA256

808d60c29c337aea37014a94d88be5b7c297cd814c7c9ae322396d51ae1d97ce
SHA512

b10d679b440ff1fe2fba2fd033052eeeeceaec8aefd397a3419681c547f80f825a2fe7cdbe6b296fb8dd58e9036d946a4697628e4e8107c70641719a1588b06c
SSDEEP

12288:PCzhcqteBxyBGUu5rXOLgKeB2YG9ea4DLnSx8Po7iGyaXkLwFKv+KhBsxgcy7zzA:qzaqtRE5KkvYsLSSwR8xhBDcNQs

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jd21

Decoy

bankownedproperties-0.bond

slab-leak-repair-74697.bond

tvtwenty20sr.top

scw-iot.net

circusenergy.online

030002787.xyz

propertiesforrentus11.bond

defi-banksystem.online

gkbet168.net

joycasino-ed46.top

sctttc-or.top

borghardt.xyz

therealtorpeddler.info

macexpress.online

bobbyharvey.store

dating-dd-de.info

thetrue.one

alqahtani.site

mahlubini.africa

truck-driver-jobs-42274.bond

Targets

- Target
  
  TNT AWB TRACKING DETAIL.exe
- Size
  
  1.1MB
- MD5
  
  18ada2e6acac1de1eb6c321d65d8f086
- SHA1
  
  a959c11687e53e59a63f69f0783d277a2b9441b9
- SHA256
  
  9de1654530e9c6e5e1d5054bc17d04c2aa08a35b8e1285d86c2cb34ec8b0f3a5
- SHA512
  
  d43cafe76054414f3b720611358915b4f2b4a76b4070a960b4f81510fae3fe01969302901aabbcef236056691c6d9eeefd04070d336650bc63232c60eb07726a
- SSDEEP
  
  24576:uRmJkcoQricOIQxiZY1iaCPhL+iw5AvhBDcjbW:7JZoQrbTFZY1iaC5LJ5tcW
Score

10^/10

formbook jd21 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2