formbook

General

Target

F60F8E29ACFCC87577DE704D3FD0405F91244F6AEDEC9FDB7BE785C7B5D29751
Size

1.1MB
Sample

250103-jxm94ayjem
MD5

c9cece47f081ecb047ea64aea3b3c5c5
SHA1

03406e0d1340cd41734b20b158a9feac7dd14848
SHA256

f60f8e29acfcc87577de704d3fd0405f91244f6aedec9fdb7be785c7b5d29751
SHA512

e7a9deadcd2437285c51c791eabf2d2d683470acfa50d167c12306486b2a997e99d718bf39c2163c983256e2874030fe83afae48c284e9c7891c7861d0375630
SSDEEP

24576:8AHnh+eWsN3skA4RV1Hom2KXMmHafFxZyvgVaL5:bh+ZkldoPK8YafF7yD

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

nu28

Decoy

papage.com

dohezar.com

fegongroupserver.site

cloudhare.biz

rlxiom.xyz

emmaandrobertswedding.com

fengchenfangfu.com

jimsbestk.com

5004926.com

87558qq.ren

verify-coinbase-wallet.com

mambaka.com

foxyfinds4u.com

wearepawparents.com

pocho.shop

yoursgxmarketing.com

copywritemoney.com

armortechconsulting.com

irnt0ken-al.com

umyowallstreet.site

Targets

- Target
  
  F60F8E29ACFCC87577DE704D3FD0405F91244F6AEDEC9FDB7BE785C7B5D29751
- Size
  
  1.1MB
- MD5
  
  c9cece47f081ecb047ea64aea3b3c5c5
- SHA1
  
  03406e0d1340cd41734b20b158a9feac7dd14848
- SHA256
  
  f60f8e29acfcc87577de704d3fd0405f91244f6aedec9fdb7be785c7b5d29751
- SHA512
  
  e7a9deadcd2437285c51c791eabf2d2d683470acfa50d167c12306486b2a997e99d718bf39c2163c983256e2874030fe83afae48c284e9c7891c7861d0375630
- SSDEEP
  
  24576:8AHnh+eWsN3skA4RV1Hom2KXMmHafFxZyvgVaL5:bh+ZkldoPK8YafF7yD
Score

10^/10

formbook nu28 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2