formbook

General

Target

667cb593ef99fba15e74b9eff4384e0590435e01d9914c7b500064133ece2e78.exe
Size

483KB
Sample

241123-yrhjzszncl
MD5

ae452c2e1a3b7aceebfe0349e58239b8
SHA1

ef38728e61d5abc32cae40d326577432aa7fa9ac
SHA256

667cb593ef99fba15e74b9eff4384e0590435e01d9914c7b500064133ece2e78
SHA512

b82a7455c26d3fd6b61ce89a21945edbe278dc431667bb8c766ba9ee5af10f2bf538bc7ee29055994360b63986686f56dc16e6197d872c225fd36dcf179de8af
SSDEEP

6144:fYG1f456Uqd2GhNAqwisAnIikwTc0gIlokyp3I5a5Kx81wHadqMWp/19SORtx:QhAUi2iNA1AIikNqp15anwHadZWTLd

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jy0b

Decoy

lamejorimagen.com

mykabukibrush.com

modgon.com

barefoottherapeutics.com

shimpeg.net

trade-sniper.com

chiangkhancityhotel.com

joblessmoni.club

stespritsubways.com

chico-group.com

nni8.xyz

searchtypically.online

jobsyork.com

bestsales-crypto.com

iqmarketing.info

bullcityphotobooths.com

fwssc.icu

1oc87s.icu

usdiesel.xyz

secrets2optimumnutrition.com

Targets

- Target
  
  667cb593ef99fba15e74b9eff4384e0590435e01d9914c7b500064133ece2e78.exe
- Size
  
  483KB
- MD5
  
  ae452c2e1a3b7aceebfe0349e58239b8
- SHA1
  
  ef38728e61d5abc32cae40d326577432aa7fa9ac
- SHA256
  
  667cb593ef99fba15e74b9eff4384e0590435e01d9914c7b500064133ece2e78
- SHA512
  
  b82a7455c26d3fd6b61ce89a21945edbe278dc431667bb8c766ba9ee5af10f2bf538bc7ee29055994360b63986686f56dc16e6197d872c225fd36dcf179de8af
- SSDEEP
  
  6144:fYG1f456Uqd2GhNAqwisAnIikwTc0gIlokyp3I5a5Kx81wHadqMWp/19SORtx:QhAUi2iNA1AIikNqp15anwHadZWTLd
Score

10^/10

formbook jy0b discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2