formbook

General

Target

Etisalat Summary Bill for the Month of May.exe
Size

1.0MB
Sample

240603-st3eaabh94
MD5

6eb32cf2b1d4a3b38ef372e6c1d76b04
SHA1

d72628520b0978a1b1be32f975676858c3d3476c
SHA256

bcc5a9772d5c0d2a0db971eff31f5a0e6feccdd6cb8defccbea6f00b5967cf38
SHA512

7e655a1ff81c24052a877ebd116e159a0c1bc79bb05e5b6823ba83c6c269a1a970a98babecd226fe8ffcc16d8bce8da1a56f6730153a695eed5e6b785c5eb4d3
SSDEEP

24576:wAHnh+eWsN3skA4RV1Hom2KXMmHa2XbblkxUHjtcyd5:nh+ZkldoPK8Ya2XbblkCHjtc8

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ss63

Decoy

catpig.xyz

chatladyanzensei7.site

onewayonepaydroptaxi.com

bima188.lol

wealth-km.online

seepao27200.top

6c958u9.lol

fbyu57ytsd.shop

baranetentegre.com

webaichimie.com

h3k38q2.lol

abicomsrl.com

338kp.vip

rescuecube.com

bubatz-t.com

psgluxuryapartments.com

goodfellowlawfirm.com

bais141.com

imingchu.com

ekzeanjfolzaks.top

Targets

- Target
  
  Etisalat Summary Bill for the Month of May.exe
- Size
  
  1.0MB
- MD5
  
  6eb32cf2b1d4a3b38ef372e6c1d76b04
- SHA1
  
  d72628520b0978a1b1be32f975676858c3d3476c
- SHA256
  
  bcc5a9772d5c0d2a0db971eff31f5a0e6feccdd6cb8defccbea6f00b5967cf38
- SHA512
  
  7e655a1ff81c24052a877ebd116e159a0c1bc79bb05e5b6823ba83c6c269a1a970a98babecd226fe8ffcc16d8bce8da1a56f6730153a695eed5e6b785c5eb4d3
- SSDEEP
  
  24576:wAHnh+eWsN3skA4RV1Hom2KXMmHa2XbblkxUHjtcyd5:nh+ZkldoPK8Ya2XbblkCHjtc8
Score

10^/10

formbook ss63 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2