formbook

General

Target

Statement of Account COFCO Pte Ltd.exe
Size

826KB
Sample

241007-hx8elawfjh
MD5

7883efb071ce087ae6008664f3846f12
SHA1

4706e745be7810b755d36f388ba7708c888e2387
SHA256

f30297ce3c8bc97f49286ee0c14b241d6653a2e992de11213aa25a296ab485cd
SHA512

24bd09fcd044020fe98082bb1764ea89b6a6f0ea7af9c763bd7e5c7b28723371249492b7458aed563044ce931e0a16633514633d61794d72e190897d940ae323
SSDEEP

12288:F08rs/LneegfJwDqt6mWV1IQYN59wtknFxEkHmFfo6lob5scglabT4NiBt:4K/O2WPIQY5GCvjHmFfT3Yb4iT

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cu29

Decoy

qidr.shop

usinessaviationconsulting.net

68716329.xyz

nd-los.net

ealthironcladguarantee.shop

oftware-download-69354.bond

48372305.top

omeownershub.top

mall-chilli.top

ajakgoid.online

ire-changer-53482.bond

rugsrx.shop

oyang123.info

azino-forum-pro.online

817715.rest

layman.vip

eb777.club

ovatonica.net

urgaslotvip.website

inn-paaaa.buzz

Targets

- Target
  
  Statement of Account COFCO Pte Ltd.exe
- Size
  
  826KB
- MD5
  
  7883efb071ce087ae6008664f3846f12
- SHA1
  
  4706e745be7810b755d36f388ba7708c888e2387
- SHA256
  
  f30297ce3c8bc97f49286ee0c14b241d6653a2e992de11213aa25a296ab485cd
- SHA512
  
  24bd09fcd044020fe98082bb1764ea89b6a6f0ea7af9c763bd7e5c7b28723371249492b7458aed563044ce931e0a16633514633d61794d72e190897d940ae323
- SSDEEP
  
  12288:F08rs/LneegfJwDqt6mWV1IQYN59wtknFxEkHmFfo6lob5scglabT4NiBt:4K/O2WPIQY5GCvjHmFfT3Yb4iT
Score

10^/10

formbook cu29 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2