formbook

General

Target

NEW ORDER.exe
Size

763KB
Sample

240514-shxpnaca2z
MD5

9df58df76c5826af2a9357287869e0f7
SHA1

c2d804fdeefc82563b51c04870b49cc998588712
SHA256

6a220dfe065da94494e1f5a94311bdba17f6f56d66f40ca39af817798fea09af
SHA512

2f0a90bdf8748d4c616b0568ddbb9043dedbb536a5902cec3e6693ed37ba94fb2aec42c514722f09589d27d5bdb1bbe3c3c4d3338386459348ad695465b9f494
SSDEEP

12288:eQDFTPiULBMzvlKXj3Z+ka1XmrpVMSTUplRYgK+CVINEX9yKBg7vjG:HPh2NKXj8tVmpmGUpXYfia9yKe/

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ij84

Decoy

resetter.xyz

simonbelanger.me

kwip.xyz

7dbb9.baby

notion-everyday.com

saftiwall.com

pulse-gaming.com

fafafa1.shop

ihaveahole.com

sxtzzj.com

996688x.xyz

komalili.monster

haberdashere.store

nurselifegng.com

kidtryz.com

ghvx.xyz

1minvideopro.com

hidef.group

stylishbeststyler.space

spx21.com

Targets

- Target
  
  NEW ORDER.exe
- Size
  
  763KB
- MD5
  
  9df58df76c5826af2a9357287869e0f7
- SHA1
  
  c2d804fdeefc82563b51c04870b49cc998588712
- SHA256
  
  6a220dfe065da94494e1f5a94311bdba17f6f56d66f40ca39af817798fea09af
- SHA512
  
  2f0a90bdf8748d4c616b0568ddbb9043dedbb536a5902cec3e6693ed37ba94fb2aec42c514722f09589d27d5bdb1bbe3c3c4d3338386459348ad695465b9f494
- SSDEEP
  
  12288:eQDFTPiULBMzvlKXj3Z+ka1XmrpVMSTUplRYgK+CVINEX9yKBg7vjG:HPh2NKXj8tVmpmGUpXYfia9yKe/
Score

10^/10

formbook ij84 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

1

T1018

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Drops startup file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2