formbook

General

Target

4498a75f6f27e3e03a0b14ba933c0a06.bin
Size

418KB
Sample

240428-blhlgacf76
MD5

2588f2a8d48512eccc13acddbba932a0
SHA1

ec985491b618e1398456c64fa06873e58d9a935b
SHA256

c06a5403e056fc7ade2a51d93dce194268b65155f8a1202692302f4bca00539b
SHA512

fa935e23df4ba175eee73651352ff94463965dd671fea76ecfb07bdf9607744098fc766f42b333ac3df789036800394ce8b22b5b3649e09ed4473eb639057742
SSDEEP

12288:Zm429ItdD6bGczOezfw6x7Kbb5+SHcJBryWSCSkfds1:ZloIbD6lfK/5+3yWSCSEs1

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ij84

Decoy

resetter.xyz

simonbelanger.me

kwip.xyz

7dbb9.baby

notion-everyday.com

saftiwall.com

pulse-gaming.com

fafafa1.shop

ihaveahole.com

sxtzzj.com

996688x.xyz

komalili.monster

haberdashere.store

nurselifegng.com

kidtryz.com

ghvx.xyz

1minvideopro.com

hidef.group

stylishbeststyler.space

spx21.com

Targets

- Target
  
  270da7ba03177d793879ddc0272e94a0003e9327298879463693f7b78f199e28.exe
- Size
  
  791KB
- MD5
  
  4498a75f6f27e3e03a0b14ba933c0a06
- SHA1
  
  259d54f92d825925cf87c9057d5d0c47a0c50bfb
- SHA256
  
  270da7ba03177d793879ddc0272e94a0003e9327298879463693f7b78f199e28
- SHA512
  
  16270ddb916f438bac3c54112ee908ac0ce2c0acf7dc0533f02e6dc49c33a8fb33272aed3e39ce11dbe420fec9ecf577752ed4bd6a203a33630f013ff912fbbf
- SSDEEP
  
  12288:PXc87X+bXPXST4Fof1XUhRtK+CVIN2X9yKBg7vj3pz17:PXcH/X4ypoig9yKe/5z17
Score

10^/10

formbook ij84 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

1

T1018

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Drops startup file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2