formbook

General

Target

AAHSHS.bin
Size

1.1MB
Sample

241228-z91c7aslbx
MD5

a4906211beb74593aecdfa9bf5092bef
SHA1

053a4dbcc5555e1359ea81cd42d1161cf6eff3e8
SHA256

df4e5d0884836c220aea16b85ffe57ab973bdbd586b125ea5522da15f03b9c2e
SHA512

e160ef8460cc999a9ba3fb12eabf698be72f74847fc6358b0615db984706a1098b1b6948adcf2910068508f407c3c84adfc3f725085f71d4e20465a2fe3155ce
SSDEEP

24576:MAHnh+eWsN3skA4RV1Hom2KXMmHaoyJXwzK00YsVrEJYwR5:rh+ZkldoPK8YaoWXHVhTO

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cl21

Decoy

0001.shop

earch-parttimejobs.today

are888.top

akanhaunthipped.shop

othing-heyu.xyz

cadvirsor.net

nclanalae.shop

lectric-cars-mexico.today

oxj-question.xyz

ersonalloanoffers.today

ersonalloans-fo54-fo37.click

verybody-ewfx.xyz

ercuremontauban.media

azilimdunyam.net

airs-clinicato.today

wiftsscend.click

ertainly-jbws.xyz

8xeng.app

damekadmitageable.cfd

ollapsedec.shop

Targets

- Target
  
  AAHSHS.bin
- Size
  
  1.1MB
- MD5
  
  a4906211beb74593aecdfa9bf5092bef
- SHA1
  
  053a4dbcc5555e1359ea81cd42d1161cf6eff3e8
- SHA256
  
  df4e5d0884836c220aea16b85ffe57ab973bdbd586b125ea5522da15f03b9c2e
- SHA512
  
  e160ef8460cc999a9ba3fb12eabf698be72f74847fc6358b0615db984706a1098b1b6948adcf2910068508f407c3c84adfc3f725085f71d4e20465a2fe3155ce
- SSDEEP
  
  24576:MAHnh+eWsN3skA4RV1Hom2KXMmHaoyJXwzK00YsVrEJYwR5:rh+ZkldoPK8YaoWXHVhTO
Score

10^/10

formbook cl21 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2