formbook

General

Target

a0f153ab4eb17a4032396bcfabc4ecd911f8bcffec9ec622385bfc5a028b81d3
Size

584KB
Sample

240417-rqt33abg35
MD5

b4516840b1476bdcfa9ab7d8cb724c9c
SHA1

dc522a2650fa7cdce4eb5527f6478cf099d820b9
SHA256

a0f153ab4eb17a4032396bcfabc4ecd911f8bcffec9ec622385bfc5a028b81d3
SHA512

14cb14b42e2b17437bb698110a28eb1d59443adbd2eccd076a8a841726b6958579136aafb858cfd96e5a6c8fda4f0d26ce1bb57367bb6e6de0791cb823a1d5ad
SSDEEP

12288:3p9Ass55OAertVA6c4Ms6iY8378Lf1w4xq0sumZCF:ZmDOAMmv8r8Lf1/fr4w

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gy14

Decoy

mavbam.com

theanhedonia.com

budgetnurseries.com

buflitr.com

alqamarhotel.com

2660348.top

123bu6.shop

v72999.com

yzyz841.xyz

247fracing.com

naples.beauty

twinklethrive.com

loscaseros.com

creditspisatylegko.site

sgyy3ej2dgwesb5.com

ufocafe.net

techn9nehollywoodundead.com

truedatalab.com

alterdpxlmarketing.com

harborspringsfire.com

Targets

- Target
  
  4b7e7f50f5a8101616a2d09fbff3a3d9c3c3b3b0dc2ded2a52b6540e7ec3a558.exe
- Size
  
  609KB
- MD5
  
  d88d07a281f91948a3d839b9908d5a8b
- SHA1
  
  e5896b83e7252e6eb77b472a6f92775cb93b6940
- SHA256
  
  4b7e7f50f5a8101616a2d09fbff3a3d9c3c3b3b0dc2ded2a52b6540e7ec3a558
- SHA512
  
  2d22987b903d0cf4c95c514a69f6bc226c521d6dda5ad4c1635f8664c08d6d2eca15b9992f42546c2b272553080e7f104d7ccf057872c42abefb22c13f569116
- SSDEEP
  
  12288:KyuceQ5vzi5zYZOucMneauj60nEkP1IZl27lvcmTPYK5+7D4lg6B8r:hri5zYJn2pEdHulvc2YwgUf6
Score

10^/10

formbook gy14 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2