formbook

General

Target

3c49acaa8cecf8350267f1be98a72b3c3cc0ab537c0ddb99b20cb6d7e65b916b.exe
Size

694KB
Sample

241204-ctyhbsslbm
MD5

cf4274ca7587295567c667da6e1bd0e0
SHA1

1e6f09bbb822019d3311f317688756d48d0d931a
SHA256

3c49acaa8cecf8350267f1be98a72b3c3cc0ab537c0ddb99b20cb6d7e65b916b
SHA512

c201dfabb87ef9252fe1124dc46bf3a6a0da685c87047e53a2d103c9f40c1992c245c168758c6286727150cc71ec20536945279a5d3360cf5ce8ced27ba324f5
SSDEEP

12288:diIR4R52J+XtONxhwH7L8US0zA50ziWjBoAOIFSDhmAfUq/Wy9jwW7i5IjlMIR:diIeeDNwH7o+cW9oAbtAMq+y9GI

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ax19

Decoy

nmarklun.biz

eadithere.net

oytromcm.net

6gu536d.shop

hysicsjunction.online

esistivitysensors.net

ealthcare-software-53940.bond

tupid-edsee.cyou

614.lat

agmart.store

lothesthesale.store

ranopen.info

c1v.lat

owflyingbugs.online

undumimmobilien.net

nline-advertising-57252.bond

orktyper.net

kten10.shop

sadeaguia.net

ouseofnormal.party

Targets

- Target
  
  3c49acaa8cecf8350267f1be98a72b3c3cc0ab537c0ddb99b20cb6d7e65b916b.exe
- Size
  
  694KB
- MD5
  
  cf4274ca7587295567c667da6e1bd0e0
- SHA1
  
  1e6f09bbb822019d3311f317688756d48d0d931a
- SHA256
  
  3c49acaa8cecf8350267f1be98a72b3c3cc0ab537c0ddb99b20cb6d7e65b916b
- SHA512
  
  c201dfabb87ef9252fe1124dc46bf3a6a0da685c87047e53a2d103c9f40c1992c245c168758c6286727150cc71ec20536945279a5d3360cf5ce8ced27ba324f5
- SSDEEP
  
  12288:diIR4R52J+XtONxhwH7L8US0zA50ziWjBoAOIFSDhmAfUq/Wy9jwW7i5IjlMIR:diIeeDNwH7o+cW9oAbtAMq+y9GI
Score

10^/10

discovery formbook ax19 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2