formbook

General

Target

8b24936157cae59842c62804dd53988ac0e13a8ae3d1b7ba9500942a608fb451
Size

710KB
Sample

241005-pd2w2asglm
MD5

19a43363822338c4a87fd7403c43fed4
SHA1

3ba5b289d064adfcb73e92c1444e7b60b7929fa0
SHA256

8b24936157cae59842c62804dd53988ac0e13a8ae3d1b7ba9500942a608fb451
SHA512

52a2bfa22e93cc0daee661bc7d6eaf6617ba6da71588a51c163c01703d43aeb4f638d7e986acfcb06d160572af16c7dcd7c4003a8ef2482c3a77cc1a6802a63e
SSDEEP

12288:d11cKNr+u995CVlp1zO0G2EqloCUegenGTGFN1HXPZZFys1aygQGJ:9bCuXiLzO0jloCmeGSFN13PdaQ

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cr12

Decoy

nff1291.com

satyainfra.com

hechiceradeamores.com

jfgminimalist.com

qut68q.com

pedandmore.com

sugardefender24-usa.us

somalse.com

lotusluxecandle.com

certificadobassetpro.com

veryaroma.com

thehistoryofindia.in

33155.cc

terastudy.net

84031.vip

heilsambegegnen.com

horizon-rg.info

junongpei.website

winstons.club

henslotalt.us

Targets

- Target
  
  8b24936157cae59842c62804dd53988ac0e13a8ae3d1b7ba9500942a608fb451
- Size
  
  710KB
- MD5
  
  19a43363822338c4a87fd7403c43fed4
- SHA1
  
  3ba5b289d064adfcb73e92c1444e7b60b7929fa0
- SHA256
  
  8b24936157cae59842c62804dd53988ac0e13a8ae3d1b7ba9500942a608fb451
- SHA512
  
  52a2bfa22e93cc0daee661bc7d6eaf6617ba6da71588a51c163c01703d43aeb4f638d7e986acfcb06d160572af16c7dcd7c4003a8ef2482c3a77cc1a6802a63e
- SSDEEP
  
  12288:d11cKNr+u995CVlp1zO0G2EqloCUegenGTGFN1HXPZZFys1aygQGJ:9bCuXiLzO0jloCmeGSFN13PdaQ
Score

10^/10

formbook cr12 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2