formbook

General

Target

126c9f5edc9699a6e47f08444de2c36645c41eacece24e4a1d9df3e11273ee5d
Size

773KB
Sample

241107-ck2hmatcnq
MD5

49a68084eb55a9680670dd1795a315a6
SHA1

df89a51b6f1a9c13331c41c5b63a19348b438bcf
SHA256

126c9f5edc9699a6e47f08444de2c36645c41eacece24e4a1d9df3e11273ee5d
SHA512

89effc557124e33b4abadac11e53f886fb9e7a55bb0ca11e9e36513b94783dd779786e378d3d3e2438dc82ae192f888835b989b5a7c0097ea02b3fa4c8cb5899
SSDEEP

12288:bCzhcqteBxyBGUu5rXOLgKeB2YG9eevforL63502fCFNDQWJMrJVDaQhaZ/Ij8j4:2zaqtRE5KkvYvfuA5026DDQ5Gwc/Iw0

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cl21

Decoy

0001.shop

earch-parttimejobs.today

are888.top

akanhaunthipped.shop

othing-heyu.xyz

cadvirsor.net

nclanalae.shop

lectric-cars-mexico.today

oxj-question.xyz

ersonalloanoffers.today

ersonalloans-fo54-fo37.click

verybody-ewfx.xyz

ercuremontauban.media

azilimdunyam.net

airs-clinicato.today

wiftsscend.click

ertainly-jbws.xyz

8xeng.app

damekadmitageable.cfd

ollapsedec.shop

Targets

- Target
  
  PURCHASE ORDER 07.11.2024.exe
- Size
  
  1.1MB
- MD5
  
  5bb53c7c310fce5bd2ac3b09170ed353
- SHA1
  
  1ede6acee76c6b3d9cdeff2734e828e18aacc988
- SHA256
  
  1e8c5faaaa9fd8d718b5ef9875069cbbfaaf3b667b2727aa5f6d45c8a08de94a
- SHA512
  
  69f3e6f41bc52b438996ee84a8ad4f81cf2ee3b83fea07a6cd2c87b3525f177d42e5e893cbe127af2d94f4f2a3f5a7e2dd87996b6e180d710b66da4010151f56
- SSDEEP
  
  24576:uRmJkcoQricOIQxiZY1iaCy4wBoAZ02w7DQxKwa/IyD:7JZoQrbTFZY1iaCy4wh0zExKwKIyD
Score

10^/10

formbook cl21 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2