formbook

General

Target

Confirm!!.rar
Size

702KB
Sample

231112-tx3d5agg7t
MD5

4662d7133528bf980c6b1f6a7865b0c9
SHA1

76ed3f2e80b0520a4d6f38537319e8e85650d5e8
SHA256

79115213cd51631d50fdd6d76f5d5825017ff0f01e7c8a0f4d72e1c626d912dd
SHA512

d30b2dbdf0e02575cb48d044a0d9fb6b0d72a3444b8359252697c17e8fd5e7117ab2bb582ecb1eb9930d8b4a465909f3539139d444200eea1e0fe2b2e09f3c46
SSDEEP

12288:2kY0iXbGG8SH0dJQ4DbqpYJpzE9d7QmcMMFe3uC8kTKC7Pzvl81UleDtxeFTc9z8:2kY0kGGh0zLiBKMIe34crzvozRxeFA8

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

he2a

Decoy

connectioncompass.store

zekicharge.com

dp77.shop

guninfo.guru

mamaeconomics.net

narcisme.coach

redtopassociates.com

ezezn.com

theoregondog.com

pagosmultired.online

emsculptcenterofne.com

meet-friends.online

pf326.com

wealthjigsaw.xyz

arsajib.com

kickassholdings.online

avaturre.biz

dtslogs.com

lb92.tech

pittalam.com

Targets

- Target
  
  Confirm!!.exe
- Size
  
  909KB
- MD5
  
  63f2ae7b89ae6bfad8ee75885b92ab2d
- SHA1
  
  4761dc770d4e7259137bf74d52285bf5f46d068a
- SHA256
  
  bb8548a744cd648172b769babfe7fb42aec25bc35e812f491af41d31c4c92d13
- SHA512
  
  10c84ab1a412fff41d76b3244d852413bb5952720c6ed310d7f6c3689c0191bf678e2d11846bcd3716ce4243f9672c1fdabb458081c5c8cacb53dce53b9d5f3a
- SSDEEP
  
  12288:3QZPC78Xxgjmqdd3ryMQD3EtX7rPK5Juy2fA/Ft795l0umvv:3QK8Xqj3B5Xa0st55lBm
Score

10^/10

formbook he2a rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2