formbook

General

Target

swift copy.exe
Size

1.0MB
Sample

240711-rpea8asdrf
MD5

8bd61d90030d503a329469db383abe88
SHA1

97f2606294fea4e18ce600f2d96bdfa8ba1856ae
SHA256

cb94f7e2d32391ffa226f27e39543a099f2867c9cc7602fb964b4358132b6a50
SHA512

eee0a1f7b422a3bbe7b2a09714cbc5155724e4e67de08dca3d02e695dcdd533c58b3a376e1cdafd91bdef7c3e9db0a884ce968c5fc12e800cbd0674347de8b98
SSDEEP

24576:lAHnh+eWsN3skA4RV1Hom2KXMmHaWDRMBST0M45:Uh+ZkldoPK8YaWDRM4T0T

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pt46

Decoy

twinportslocal.com

rovor.store

98169.club

mdywl.com

jrd3s.rest

aston1717.top

floridawoodworkingmachinery.com

17tk555t.com

ankitsho.shop

seclameh.com

realrecordlabel.com

trenchonbirmingham.com

af28.top

rtp1kenzototo.com

theselflovesite.com

promotegetpaid.info

strategiclogisticsagency.com

learneracademy.net

per-watch.com

betbox2341.com

Targets

- Target
  
  swift copy.exe
- Size
  
  1.0MB
- MD5
  
  8bd61d90030d503a329469db383abe88
- SHA1
  
  97f2606294fea4e18ce600f2d96bdfa8ba1856ae
- SHA256
  
  cb94f7e2d32391ffa226f27e39543a099f2867c9cc7602fb964b4358132b6a50
- SHA512
  
  eee0a1f7b422a3bbe7b2a09714cbc5155724e4e67de08dca3d02e695dcdd533c58b3a376e1cdafd91bdef7c3e9db0a884ce968c5fc12e800cbd0674347de8b98
- SSDEEP
  
  24576:lAHnh+eWsN3skA4RV1Hom2KXMmHaWDRMBST0M45:Uh+ZkldoPK8YaWDRM4T0T
Score

10^/10

formbook pt46 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2