formbook

General

Target

DHL AWB TRACKING DETAILS.exe
Size

1.1MB
Sample

241016-hamjls1gqn
MD5

ba26455cf5b8d3d0ffa513646753bb30
SHA1

81eed48c8e33e92d27ca58643c038898718f8055
SHA256

e652619baf01e42513f4730ba1089b74c7801327fd260fbde217b2976cf3159c
SHA512

fd298806eb55b202aca68470ebf651277149f9125088b0d7e4a0e4b61c795336aad96b22298012098eddfbe854149b19775d30590f09761602c908fab5cc6788
SSDEEP

24576:ffmMv6Ckr7Mny5QLUlv1VtfH/CnRsf5Pvj:f3v+7/5QL8Vt3Osf53j

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jd21

Decoy

bankownedproperties-0.bond

slab-leak-repair-74697.bond

tvtwenty20sr.top

scw-iot.net

circusenergy.online

030002787.xyz

propertiesforrentus11.bond

defi-banksystem.online

gkbet168.net

joycasino-ed46.top

sctttc-or.top

borghardt.xyz

therealtorpeddler.info

macexpress.online

bobbyharvey.store

dating-dd-de.info

thetrue.one

alqahtani.site

mahlubini.africa

truck-driver-jobs-42274.bond

Targets

- Target
  
  DHL AWB TRACKING DETAILS.exe
- Size
  
  1.1MB
- MD5
  
  ba26455cf5b8d3d0ffa513646753bb30
- SHA1
  
  81eed48c8e33e92d27ca58643c038898718f8055
- SHA256
  
  e652619baf01e42513f4730ba1089b74c7801327fd260fbde217b2976cf3159c
- SHA512
  
  fd298806eb55b202aca68470ebf651277149f9125088b0d7e4a0e4b61c795336aad96b22298012098eddfbe854149b19775d30590f09761602c908fab5cc6788
- SSDEEP
  
  24576:ffmMv6Ckr7Mny5QLUlv1VtfH/CnRsf5Pvj:f3v+7/5QL8Vt3Osf53j
Score

10^/10

formbook jd21 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2