formbook | 4d46bf02f526997927a97a27c56dc0c09133f309036efc28af45704b9c120751 | Triage

Sharing

General

Target

090b0e38780c07da32a7d9119c754e34b398845b94fbe8ea544fc9ab8d81ac80.zip
Size

665KB
Sample

221207-rkq48afb47
MD5

21719b3164af6e99c87c93e94c759474
SHA1

618280d16fbe126e8cf4a24375222ffcaaf5562a
SHA256

4d46bf02f526997927a97a27c56dc0c09133f309036efc28af45704b9c120751
SHA512

5e5934f281fec463167c45b9882b2ee87a3ac81a6ceb7c902d7765fc6323e41ea85b6aafebf064580fcb683374ca8317e3d1a68860bda3483f7a00fa319cbc1a
SSDEEP

12288:uaUdRN2hwweFPAUfbFICO+nz5v3ImsKsvdMMY5RHLeticUYyRYWElybcmJlKunf:dgT2hXIYv+nz5v37s925RHHYyRCEc+f

Score

10^/10

formbook d94i rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

d94i

Decoy

drain-pipe-cleaning-74655.com

culligandiiy.com

lknja.shop

salon-atmosfera.ru

steamgeneratorboilers.com

drain-pipe-cleaning-30896.com

dinoton.fun

feed-v.com

aym-brum.co.uk

bxztil.xyz

infinite-transformation.com

caticmicro.com

abrahamgranda.com

cleaninggem.com

hi5279.com

jainsdigitalservices.com

cglsuperset.com

kephatonrx.com

babyhandmold.com

braceelet.com

Targets

- Target
  
  090b0e38780c07da32a7d9119c754e34b398845b94fbe8ea544fc9ab8d81ac80.exe
- Size
  
  893KB
- MD5
  
  38e553f81a142579ea9a4e61a5c02c14
- SHA1
  
  44cb7f3254aa1991bd49039f9cfaec4ac3cf87b2
- SHA256
  
  090b0e38780c07da32a7d9119c754e34b398845b94fbe8ea544fc9ab8d81ac80
- SHA512
  
  3bc489194086f1abc40e077657d50835d6a71fe94314592aa47c806340ae3d5dd4f53bb8bc969c7d22cd2403fd395a8283a4573abb1475709dd7543c72b65203
- SSDEEP
  
  12288:roQgKZ/nXt7virmWhlGLaQYIV7m2HUOZE2SqvXD0LLc7VrfOJvFTkfDtd9201ZRk:DBHEdqf0KOJvFTkf5L2GRahex3zLu
Score

10^/10

formbook d94i rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookd94iratspywarestealertrojan