formbook

General

Target

dd36a21b3f11b6142a898ce80d046abf5f8e0b62fa112957db619c865272ce20.exe
Size

134KB
Sample

240719-v5xz2swbla
MD5

7f723f9e10de5dd1ce6d4e6bde89abe4
SHA1

555e9af7d45b4436709150c474c28908225132f5
SHA256

dd36a21b3f11b6142a898ce80d046abf5f8e0b62fa112957db619c865272ce20
SHA512

ccce6e52dca4c11a8de88118b92b477c4f12f035557d6fe132d95e663d67721c76999cff688baeb349e494bfc89d49d636d8ff25207ed1c232f3b2f68508bb7e
SSDEEP

3072:/kHnTc+neY+r6MVpHQhIB2E+kgaJysLTVm1AYUb:/kHTi3US/

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mu94

Decoy

thenextamendment.net

automatiza.xyz

psikologhazelgungor.com

90857.net

robertoblondetrealtor.site

rv0awy.rest

74657.ooo

adigidea.com

world-healing.online

health4world.com

shyan.fun

anviltotable.com

vinger.online

juizltd.com

twmk.asia

cakescrushbyruby.com

listxtreme.com

00050026.xyz

finessedesignhouse.com

jsmm-27.xyz

Targets

- Target
  
  dd36a21b3f11b6142a898ce80d046abf5f8e0b62fa112957db619c865272ce20.exe
- Size
  
  134KB
- MD5
  
  7f723f9e10de5dd1ce6d4e6bde89abe4
- SHA1
  
  555e9af7d45b4436709150c474c28908225132f5
- SHA256
  
  dd36a21b3f11b6142a898ce80d046abf5f8e0b62fa112957db619c865272ce20
- SHA512
  
  ccce6e52dca4c11a8de88118b92b477c4f12f035557d6fe132d95e663d67721c76999cff688baeb349e494bfc89d49d636d8ff25207ed1c232f3b2f68508bb7e
- SSDEEP
  
  3072:/kHnTc+neY+r6MVpHQhIB2E+kgaJysLTVm1AYUb:/kHTi3US/
Score

10^/10

formbook mu94 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2