formbook

General

Target

0c46fc62123c9418ecaf8f16a87b595a93c92e3c9a4323ddadcdce09b5412bd8N
Size

757KB
Sample

240930-j13h7ayfnf
MD5

64cd9cd8d129491524b6277481bab740
SHA1

296115935b522a4db4ecfb523c44eb8ef94b2f18
SHA256

0c46fc62123c9418ecaf8f16a87b595a93c92e3c9a4323ddadcdce09b5412bd8
SHA512

d6b54b504d8cbf3b82bb36eaf726637f6c0a37f2709d54a3a978d4cb52545fb95bc4a684d63c1f6ac93b3ae152b978ebe3479c5322e1dbc3f3e956bc9530016a
SSDEEP

12288:fUxdjs00ib3ioqc9+xTe0PR6m0eFy2ktn3IjLJJpN+xKPf1rPnx:Sdj0ibSoq8+xbZT0i2gVJ2M3px

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

grve

Decoy

jrvinganimalexterminator.com

smallsyalls.com

po1c3.com

mencg.com

aussieenjoyment.today

espace22.com

aanmelding-desk.info

gallopshoes.com

nftsexy.com

ricosdulcesmexicanos.com

riseswift.com

thechicthirty.com

matdcg.com

alternet.today

creativehuesdesigns.com

rjkcrafts.com

lowdosemortgage.com

adoptahamster.com

wellness-sense.com

jacardcapital.com

Targets

- Target
  
  0c46fc62123c9418ecaf8f16a87b595a93c92e3c9a4323ddadcdce09b5412bd8N
- Size
  
  757KB
- MD5
  
  64cd9cd8d129491524b6277481bab740
- SHA1
  
  296115935b522a4db4ecfb523c44eb8ef94b2f18
- SHA256
  
  0c46fc62123c9418ecaf8f16a87b595a93c92e3c9a4323ddadcdce09b5412bd8
- SHA512
  
  d6b54b504d8cbf3b82bb36eaf726637f6c0a37f2709d54a3a978d4cb52545fb95bc4a684d63c1f6ac93b3ae152b978ebe3479c5322e1dbc3f3e956bc9530016a
- SSDEEP
  
  12288:fUxdjs00ib3ioqc9+xTe0PR6m0eFy2ktn3IjLJJpN+xKPf1rPnx:Sdj0ibSoq8+xbZT0i2gVJ2M3px
Score

10^/10

formbook grve discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2