formbook | f754f346d15cc240a990e20e92ab7bd1a0193543aef5b5fc5562306e2593ed5f | Triage

Sharing

General

Target

tmpinizyzkr
Size

606KB
Sample

231230-m7k49seehp
MD5

2fa129c7224ce25ad5f60e88eec7b371
SHA1

e1942614c29c0c060c0ccbda2f798a894bcd4a9c
SHA256

f754f346d15cc240a990e20e92ab7bd1a0193543aef5b5fc5562306e2593ed5f
SHA512

3969e7a0bebfa1a4fe955a3314f16b152f0d6b317656543dd7f9abd3a45b44dbe190ae419ad0580c42e8317b5d422c5693aac4be8e4efd4f460254ebb8ac9b3c
SSDEEP

12288:2tKPYyVFvf7ckA4aS4reE3w5uRbah33bw4CbKgXdDo8pfFH2HytA:24g+Foi6wAK30nbhV2i

Score

10^/10

formbook pf06 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pf06

Decoy

mogu829.store

kjhcvjbjer.asia

kokombeverage.com

spaycrop.com

pennsylvaniaautosales.com

cqdjyw.com

attendlimitlessarena.com

dominicbyrd.com

dkds.net

ematransform.com

faceshopping.one

iqmal.dev

ivanrgonzalez.com

ickfullmoon.com

dirtyshirtspro.com

stopinflationtax.com

sidbaskaran.com

szroadtech.com

clickvenda.store

cckkkl.com

Targets

- Target
  
  tmpinizyzkr
- Size
  
  606KB
- MD5
  
  2fa129c7224ce25ad5f60e88eec7b371
- SHA1
  
  e1942614c29c0c060c0ccbda2f798a894bcd4a9c
- SHA256
  
  f754f346d15cc240a990e20e92ab7bd1a0193543aef5b5fc5562306e2593ed5f
- SHA512
  
  3969e7a0bebfa1a4fe955a3314f16b152f0d6b317656543dd7f9abd3a45b44dbe190ae419ad0580c42e8317b5d422c5693aac4be8e4efd4f460254ebb8ac9b3c
- SSDEEP
  
  12288:2tKPYyVFvf7ckA4aS4reE3w5uRbah33bw4CbKgXdDo8pfFH2HytA:24g+Foi6wAK30nbhV2i
Score

10^/10

formbook pf06 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookpf06ratspywarestealertrojan

behavioral2

formbookpf06ratspywarestealertrojan