formbook | 09c9f5a39dc3e3ac12127313b688b22672dfc6db5a5acb5d3e9c5b6e257b5c17 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

09c9f5a39dc3e3ac12127313b688b22672dfc6db5a5acb5d3e9c5b6e257b5c17
Size

412KB
Sample

231102-eqrxgshf49
MD5

18bb5b67ef8ce137a7546acdce62ee5c
SHA1

9febc08333038e212dabb5bdecad56cdb7c841e1
SHA256

09c9f5a39dc3e3ac12127313b688b22672dfc6db5a5acb5d3e9c5b6e257b5c17
SHA512

43273392c45aa0c75904a0c73a1e924a0fa29b45d389ec802c8e9b38eeb8022dec691bc23078fcd6995f16071aa015c042d7706498f279f05a3fcb907ea9c6b1
SSDEEP

6144:U8LxBCXMMCNrCkPKikHzlZw7Il2AcNEL79mhxk6jC8fzhnz8w/hQ5Y5lrFvm7/VZ:urCNNK7Hzj2IQAYELGjD05YX5vIXsLGL

Score

10^/10

formbook ge06 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ge06

Decoy

azaharparis.com

nationaleventsafety.com

covesstudy.com

quinshon4.com

moderco.net

trailblazerbaby.com

time-edu.net

azeemtourism.com

anakmedan3.click

bookinternationaltours.com

ulksht.top

newswirex.com

dingg.net

waveoflife.pro

miamirealestatecommercial.com

rtplive77.xyz

bowllywood.com

automation-tools-84162.bond

booptee.com

ebx.lat

Targets

- Target
  
  09c9f5a39dc3e3ac12127313b688b22672dfc6db5a5acb5d3e9c5b6e257b5c17
- Size
  
  412KB
- MD5
  
  18bb5b67ef8ce137a7546acdce62ee5c
- SHA1
  
  9febc08333038e212dabb5bdecad56cdb7c841e1
- SHA256
  
  09c9f5a39dc3e3ac12127313b688b22672dfc6db5a5acb5d3e9c5b6e257b5c17
- SHA512
  
  43273392c45aa0c75904a0c73a1e924a0fa29b45d389ec802c8e9b38eeb8022dec691bc23078fcd6995f16071aa015c042d7706498f279f05a3fcb907ea9c6b1
- SSDEEP
  
  6144:U8LxBCXMMCNrCkPKikHzlZw7Il2AcNEL79mhxk6jC8fzhnz8w/hQ5Y5lrFvm7/VZ:urCNNK7Hzj2IQAYELGjD05YX5vIXsLGL
Score

10^/10

formbook ge06 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookge06ratspywarestealertrojan