formbook

General

Target

7416647e8ad9b50cc3a8da41679abefc154798e0536587c9795bde7f9ea90591
Size

591KB
Sample

240516-gzhfhsfg72
MD5

9b2305438c4e666ab49b17b4b5babf02
SHA1

27a838819c2b767cec2a7469b729a58c857ae4df
SHA256

7416647e8ad9b50cc3a8da41679abefc154798e0536587c9795bde7f9ea90591
SHA512

4d7c225b19c660d5e2220acef721ea922763f9b2793373eba7f584245d8b5115a4039e93ecf1acf983b6a5a98bb03e0407a102d139289af6830312a6f7429636
SSDEEP

12288:aMAJovD3qFoPn4sOqX/wEyuTeJ7VTveJSo9+fZoj8V5uv:aMBLaQdOayuTMcJSyWuv

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ij84

Decoy

resetter.xyz

simonbelanger.me

kwip.xyz

7dbb9.baby

notion-everyday.com

saftiwall.com

pulse-gaming.com

fafafa1.shop

ihaveahole.com

sxtzzj.com

996688x.xyz

komalili.monster

haberdashere.store

nurselifegng.com

kidtryz.com

ghvx.xyz

1minvideopro.com

hidef.group

stylishbeststyler.space

spx21.com

Targets

- Target
  
  6a220dfe065da94494e1f5a94311bdba17f6f56d66f40ca39af817798fea09af.exe
- Size
  
  763KB
- MD5
  
  9df58df76c5826af2a9357287869e0f7
- SHA1
  
  c2d804fdeefc82563b51c04870b49cc998588712
- SHA256
  
  6a220dfe065da94494e1f5a94311bdba17f6f56d66f40ca39af817798fea09af
- SHA512
  
  2f0a90bdf8748d4c616b0568ddbb9043dedbb536a5902cec3e6693ed37ba94fb2aec42c514722f09589d27d5bdb1bbe3c3c4d3338386459348ad695465b9f494
- SSDEEP
  
  12288:eQDFTPiULBMzvlKXj3Z+ka1XmrpVMSTUplRYgK+CVINEX9yKBg7vjG:HPh2NKXj8tVmpmGUpXYfia9yKe/
Score

10^/10

formbook ij84 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

1

T1018

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Drops startup file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2