formbook

General

Target

THREE quotations.exe
Size

766KB
Sample

230608-qlebdaff35
MD5

ae2f78ed3b32a4e7f969ce267778ac66
SHA1

3b7c6425c65933d6b5dac6187e16a0597f3ea5aa
SHA256

d5e9981b7fdef80983edcdda6b3e09870fe991720db4684986ceecb01d24506c
SHA512

f21cf08412c3c53248e7535aa37430f314a6d8e900cc14e908bab730d1c1db555bb8875c9acca9940b1cb5ef6a7d1fdd58ee6abd9b6fe91bd4722d6037e5630e
SSDEEP

12288:0uJas/16/YHmM9mARLAV+/3M73epjTDrFljb3m0z9SFOuDsDtnQkCEgYDjz:0Bs6cV9mA9Im873epjyOxDtQXEnDf

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ct45

Decoy

aeepi.com

lifestyledoneright.com

dilojakac.cfd

vievnsfabula.xyz

jiggirirecords.com

sklaap.xyz

prepper.day

tahta4d-vip.info

p94d3.xyz

17819.vip

gptvoucher.com

ig2x0m.com

croppdtt.com

hnnhiuqme6e701.xyz

zeis.xyz

w77773.com

inspantringa.cfd

webnative.xyz

haahhuzns1okd1.xyz

thinkingmansguidetowomen.com

Targets

- Target
  
  THREE quotations.exe
- Size
  
  766KB
- MD5
  
  ae2f78ed3b32a4e7f969ce267778ac66
- SHA1
  
  3b7c6425c65933d6b5dac6187e16a0597f3ea5aa
- SHA256
  
  d5e9981b7fdef80983edcdda6b3e09870fe991720db4684986ceecb01d24506c
- SHA512
  
  f21cf08412c3c53248e7535aa37430f314a6d8e900cc14e908bab730d1c1db555bb8875c9acca9940b1cb5ef6a7d1fdd58ee6abd9b6fe91bd4722d6037e5630e
- SSDEEP
  
  12288:0uJas/16/YHmM9mARLAV+/3M73epjTDrFljb3m0z9SFOuDsDtnQkCEgYDjz:0Bs6cV9mA9Im873epjyOxDtQXEnDf
Score

10^/10

formbook ct45 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

1

T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1

T1064

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Uses the VBS compiler for execution

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2