formbook

General

Target

e76b01986da629a4ba0be457f19e11dd9a5efe84a76694961c0851c56e2ca51d.r00
Size

589KB
Sample

241127-dncjca1kcm
MD5

0dad09b8e55b655771dea5ca8a065c81
SHA1

ad047f3664e730d9ab1845d6170b145903957db9
SHA256

e76b01986da629a4ba0be457f19e11dd9a5efe84a76694961c0851c56e2ca51d
SHA512

64f61ee354fa314c407453fb3c64cb80a233c891228cef32f3db5b4c4fa80c33d0c35ae4c59942171c40b384e211ee7eaa013e99b958f18674e1efed6b14f3ef
SSDEEP

12288:2wdHgIqAy6USQNM8siYWZPrX9ijmV1QOvuL+reXYITgeRaqNP6cOgTvBG:bAqGNM8nYyAqJvkdgeJP6NCvE

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cl21

Decoy

0001.shop

earch-parttimejobs.today

are888.top

akanhaunthipped.shop

othing-heyu.xyz

cadvirsor.net

nclanalae.shop

lectric-cars-mexico.today

oxj-question.xyz

ersonalloanoffers.today

ersonalloans-fo54-fo37.click

verybody-ewfx.xyz

ercuremontauban.media

azilimdunyam.net

airs-clinicato.today

wiftsscend.click

ertainly-jbws.xyz

8xeng.app

damekadmitageable.cfd

ollapsedec.shop

Targets

- Target
  
  Invoice & Packing.exe
- Size
  
  1.1MB
- MD5
  
  290979740e29c4b28b20979ca70ee62e
- SHA1
  
  56c8071abcc945b4dd950d2b3e17aa12dfb40292
- SHA256
  
  e9357223834b955c93bbd3e8f48563670a44161f92a15717774f4df9b825f0b6
- SHA512
  
  74736ad0df48f39b5d7cf3e6bc0862e0a22e73ef6fee85f4ce4a7fcc5ae0eb0e7e30111a302f806fd0227146c5e54d1cd48021f23cd4367df77e7924195deedd
- SSDEEP
  
  12288:+tb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgaITu+DexWGESM26A:+tb20pkaCqT5TBWgNQ7aQxCHEP26A
Score

10^/10

formbook cl21 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2