formbook

General

Target

PO.exe
Size

1.3MB
Sample

241111-gdgl4avarb
MD5

4642ca8583e94f1d76e01db9f79185db
SHA1

1b2e96a56d4e91d2aebe9468ccc0c1e275d96a3a
SHA256

88795ccbb26f764aa31d3e28c8df85f970334a67bc61b06682745b185900ea75
SHA512

fd8f54f3f1d2667d627c81dcd4380618081fbac7cd3a9c29653cd9a5710f3c7b33de383aed47ca3138beb6090d02f50ed60d24363934f29904700ee8e318f612
SSDEEP

24576:P5EmXFtKaL4/oFe5T9yyXYfP1ijXda5nRbWfcnnAvKyS+SkAtm+:PPVt/LZeJbInQRa5RgYnvySbkA

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cl21

Decoy

0001.shop

earch-parttimejobs.today

are888.top

akanhaunthipped.shop

othing-heyu.xyz

cadvirsor.net

nclanalae.shop

lectric-cars-mexico.today

oxj-question.xyz

ersonalloanoffers.today

ersonalloans-fo54-fo37.click

verybody-ewfx.xyz

ercuremontauban.media

azilimdunyam.net

airs-clinicato.today

wiftsscend.click

ertainly-jbws.xyz

8xeng.app

damekadmitageable.cfd

ollapsedec.shop

Targets

- Target
  
  PO.exe
- Size
  
  1.3MB
- MD5
  
  4642ca8583e94f1d76e01db9f79185db
- SHA1
  
  1b2e96a56d4e91d2aebe9468ccc0c1e275d96a3a
- SHA256
  
  88795ccbb26f764aa31d3e28c8df85f970334a67bc61b06682745b185900ea75
- SHA512
  
  fd8f54f3f1d2667d627c81dcd4380618081fbac7cd3a9c29653cd9a5710f3c7b33de383aed47ca3138beb6090d02f50ed60d24363934f29904700ee8e318f612
- SSDEEP
  
  24576:P5EmXFtKaL4/oFe5T9yyXYfP1ijXda5nRbWfcnnAvKyS+SkAtm+:PPVt/LZeJbInQRa5RgYnvySbkA
Score

10^/10

formbook cl21 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2