formbook

General

Target

d6e979a3574885e4bdb3b8c8831897302285fe2f5cf52a86ce4538705b803fac.rar
Size

596KB
Sample

250103-e9bdvasnek
MD5

bd1ef0adfc5af49f392aaac016a76b8d
SHA1

dc74701a6e39c76d0ffcacac0ff4482e13b521a8
SHA256

d6e979a3574885e4bdb3b8c8831897302285fe2f5cf52a86ce4538705b803fac
SHA512

d03dc3f4336c83c5c56b3d85c1deffd30d7d865efefbc89891d1448d9995f958e435a37b734a8e87e2c969b940282948673712c9d53e2fb6c47a7892180bd0b1
SSDEEP

12288:0h1JdZI/ro9wR0jVHUmxR05F72U7ihZ1e67AJL5jRXfdEPhF:0h1JnS09oIHUmX05khGvjX2D

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cl21

Decoy

0001.shop

earch-parttimejobs.today

are888.top

akanhaunthipped.shop

othing-heyu.xyz

cadvirsor.net

nclanalae.shop

lectric-cars-mexico.today

oxj-question.xyz

ersonalloanoffers.today

ersonalloans-fo54-fo37.click

verybody-ewfx.xyz

ercuremontauban.media

azilimdunyam.net

airs-clinicato.today

wiftsscend.click

ertainly-jbws.xyz

8xeng.app

damekadmitageable.cfd

ollapsedec.shop

Targets

- Target
  
  AAHSHS.exe
- Size
  
  1.1MB
- MD5
  
  a4906211beb74593aecdfa9bf5092bef
- SHA1
  
  053a4dbcc5555e1359ea81cd42d1161cf6eff3e8
- SHA256
  
  df4e5d0884836c220aea16b85ffe57ab973bdbd586b125ea5522da15f03b9c2e
- SHA512
  
  e160ef8460cc999a9ba3fb12eabf698be72f74847fc6358b0615db984706a1098b1b6948adcf2910068508f407c3c84adfc3f725085f71d4e20465a2fe3155ce
- SSDEEP
  
  24576:MAHnh+eWsN3skA4RV1Hom2KXMmHaoyJXwzK00YsVrEJYwR5:rh+ZkldoPK8YaoWXHVhTO
Score

10^/10

formbook cl21 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2