formbook | 8633eb2ea7decc6a280a1a7e51d46a95b45e18597abb5c611fdd93931cab4bd7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8633eb2ea7decc6a280a1a7e51d46a95b45e18597abb5c611fdd93931cab4bd7.exe
Size

575KB
Sample

231127-vmg6waae61
MD5

6d0c4eb2d7c60e9e825dd4e5579e1e72
SHA1

d824360879830bc3e7efb04e81f0f92a9d618216
SHA256

8633eb2ea7decc6a280a1a7e51d46a95b45e18597abb5c611fdd93931cab4bd7
SHA512

fa159037bac6e264b0b7cd449fac169da40a9f13fd61c09679933e6a4eb047a180dcbfb836ab05ebf0485cfb67dfd5e8c380daf70b24ba947ed3f84596801a6f
SSDEEP

12288:m/M6QRh+FbWgpkYByhpu5klZEPIK2y7JQ5GsZwB7K4ENzbK:cy/+57p5ByhEk/EwKrSBZWVEN

Score

10^/10

formbook ot8s rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ot8s

Decoy

snrnnc.top

meta-stocktraders.com

btsmo.xyz

slotsgoldenflare.com

ljkghjf.com

kichi.space

3645115.xyz

mostbet-wav8.xyz

chatgrouplinks.com

kingdombusinessfunnels.com

6887088.win

csdgjf.com

33lode88.vip

nwholdinggroups.com

panwhorasbox.com

muriot.com

simafilm.com

xcj005.top

495372.com

zheki444pay.com

Targets

- Target
  
  8633eb2ea7decc6a280a1a7e51d46a95b45e18597abb5c611fdd93931cab4bd7.exe
- Size
  
  575KB
- MD5
  
  6d0c4eb2d7c60e9e825dd4e5579e1e72
- SHA1
  
  d824360879830bc3e7efb04e81f0f92a9d618216
- SHA256
  
  8633eb2ea7decc6a280a1a7e51d46a95b45e18597abb5c611fdd93931cab4bd7
- SHA512
  
  fa159037bac6e264b0b7cd449fac169da40a9f13fd61c09679933e6a4eb047a180dcbfb836ab05ebf0485cfb67dfd5e8c380daf70b24ba947ed3f84596801a6f
- SSDEEP
  
  12288:m/M6QRh+FbWgpkYByhpu5klZEPIK2y7JQ5GsZwB7K4ENzbK:cy/+57p5ByhEk/EwKrSBZWVEN
Score

10^/10

formbook ot8s rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookot8sratspywarestealertrojan

behavioral2