formbook

General

Target

COSMO-KUMPULANCERIASDNBHD.exe
Size

561KB
Sample

241017-x5lccs1hle
MD5

19917380813158f6da23199966f76142
SHA1

e2169950987b949889418dddeb11ac0bd85204ce
SHA256

10b85fb4905227bc1e37c8ebfcb317b188f9d93a761aa887977dae17c71de81f
SHA512

9585a7c40ebe4aa34eea8330d0ea61fe30db6a96eca468b90e532508d1d53ac339df337f16d3e3313b68cfd55df8d17799de3b7eb617aa6b93b917a139a5fd64
SSDEEP

12288:l1RveBYT84wRjvVjfSKXK9Lt80akQ/MDTcy2fjTIqojCNNgU4:l1RWBYGjHXK9h8Zv6cy2fjTsGD54

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cu29

Decoy

qidr.shop

usinessaviationconsulting.net

68716329.xyz

nd-los.net

ealthironcladguarantee.shop

oftware-download-69354.bond

48372305.top

omeownershub.top

mall-chilli.top

ajakgoid.online

ire-changer-53482.bond

rugsrx.shop

oyang123.info

azino-forum-pro.online

817715.rest

layman.vip

eb777.club

ovatonica.net

urgaslotvip.website

inn-paaaa.buzz

Targets

- Target
  
  COSMO-KUMPULANCERIASDNBHD.exe
- Size
  
  561KB
- MD5
  
  19917380813158f6da23199966f76142
- SHA1
  
  e2169950987b949889418dddeb11ac0bd85204ce
- SHA256
  
  10b85fb4905227bc1e37c8ebfcb317b188f9d93a761aa887977dae17c71de81f
- SHA512
  
  9585a7c40ebe4aa34eea8330d0ea61fe30db6a96eca468b90e532508d1d53ac339df337f16d3e3313b68cfd55df8d17799de3b7eb617aa6b93b917a139a5fd64
- SSDEEP
  
  12288:l1RveBYT84wRjvVjfSKXK9Lt80akQ/MDTcy2fjTIqojCNNgU4:l1RWBYGjHXK9h8Zv6cy2fjTsGD54
Score

10^/10

formbook cu29 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2