formbook | 54d08c079e162698607d24a232cc8b51ea0cecf8df1d6fefa27726041e2cd366 | Triage

Sharing

General

Target

5a8637cc62a5884edc586b690d0bac10.exe
Size

598KB
Sample

230808-h28k6acf9w
MD5

5a8637cc62a5884edc586b690d0bac10
SHA1

33ff0da34d35ef8051d5c88641502ee7bf2f0333
SHA256

54d08c079e162698607d24a232cc8b51ea0cecf8df1d6fefa27726041e2cd366
SHA512

818ea5ef21b7bb392cdd17bd9f0878cf1caa27d1d5a0e1fd8d05a22da73f3cf0859a97b0ad7ea0bc17ef8b83fba2eb93322b79a607676861abc308182db1764f
SSDEEP

12288:BsniF9L2hCugpGy1Md/VmA01Z0/ROPRfxzIZp+kD/etaJedzY+GG:BsniKhjo1K/V01ZKRWPEX+K/jJed0+r

Score

10^/10

formbook oi24 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

oi24

Decoy

sorterexpo.com

50imty.xyz

biscotrucking.com

urawep.xyz

parthaviorganic.com

quali-con.com

wgimawmo.click

19829e.com

wendywardband.com

peraepin.com

wintercot.com

cqfvnzlk.click

furar.top

fcvorbww.click

gazetarendaextra.com

bakerstack.com

plant-nursery-boweco.com

30235p.com

sartensaludable.com

dalmatiangarden.com

Targets

- Target
  
  5a8637cc62a5884edc586b690d0bac10.exe
- Size
  
  598KB
- MD5
  
  5a8637cc62a5884edc586b690d0bac10
- SHA1
  
  33ff0da34d35ef8051d5c88641502ee7bf2f0333
- SHA256
  
  54d08c079e162698607d24a232cc8b51ea0cecf8df1d6fefa27726041e2cd366
- SHA512
  
  818ea5ef21b7bb392cdd17bd9f0878cf1caa27d1d5a0e1fd8d05a22da73f3cf0859a97b0ad7ea0bc17ef8b83fba2eb93322b79a607676861abc308182db1764f
- SSDEEP
  
  12288:BsniF9L2hCugpGy1Md/VmA01Z0/ROPRfxzIZp+kD/etaJedzY+GG:BsniKhjo1K/V01ZKRWPEX+K/jJed0+r
Score

10^/10

formbook oi24 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookoi24ratspywarestealertrojan

behavioral2

formbookoi24ratspywarestealertrojan