formbook

General

Target

TNT AWB TRACKING DETAILS.exe
Size

1.1MB
Sample

240925-g93jfazfpm
MD5

b49edb762958e81c098b4869ba26a78c
SHA1

152bda24aa1bd2b8f6eff91f214ebf1701062a7e
SHA256

58892474694c1aff444adca37753e52b93fffce8bb98b75d488ec3df2c87b2da
SHA512

305621b6ded9f58155036348d65f6d01891b99f9d4d5c480a973419d597a8b1e95ed33a60641df0e3025eb3e97042d73f4d2362ef70e1554bdfabcdd592e8175
SSDEEP

24576:uRmJkcoQricOIQxiZY1iaCfdG8gHowXUy4b59IRGEP4gnV:7JZoQrbTFZY1iaCFGdUyC9IRGEP44

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jd21

Decoy

bankownedproperties-0.bond

slab-leak-repair-74697.bond

tvtwenty20sr.top

scw-iot.net

circusenergy.online

030002787.xyz

propertiesforrentus11.bond

defi-banksystem.online

gkbet168.net

joycasino-ed46.top

sctttc-or.top

borghardt.xyz

therealtorpeddler.info

macexpress.online

bobbyharvey.store

dating-dd-de.info

thetrue.one

alqahtani.site

mahlubini.africa

truck-driver-jobs-42274.bond

Targets

- Target
  
  TNT AWB TRACKING DETAILS.exe
- Size
  
  1.1MB
- MD5
  
  b49edb762958e81c098b4869ba26a78c
- SHA1
  
  152bda24aa1bd2b8f6eff91f214ebf1701062a7e
- SHA256
  
  58892474694c1aff444adca37753e52b93fffce8bb98b75d488ec3df2c87b2da
- SHA512
  
  305621b6ded9f58155036348d65f6d01891b99f9d4d5c480a973419d597a8b1e95ed33a60641df0e3025eb3e97042d73f4d2362ef70e1554bdfabcdd592e8175
- SSDEEP
  
  24576:uRmJkcoQricOIQxiZY1iaCfdG8gHowXUy4b59IRGEP4gnV:7JZoQrbTFZY1iaCFGdUyC9IRGEP44
Score

10^/10

formbook jd21 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2