formbook

General

Target

ba6b404291eeee5e3a7f92f8debfd1af684035664d95fcfdb7ea8fef1b2da40e.exe
Size

558KB
Sample

240724-yphrzathrr
MD5

3ec3e43514a9b55b88b069ee79ed81e1
SHA1

43861900682dc4e550b0f215cb28553d368dbddc
SHA256

ba6b404291eeee5e3a7f92f8debfd1af684035664d95fcfdb7ea8fef1b2da40e
SHA512

09b63c828d5ed4cd9746d718e843944f121a840d3aa58763481868e6140b21246b52286c488e7e3df3d6a7c01860e6f5471f9bde796a2e66273c69412e7921a2
SSDEEP

12288:ed6RGxHlehi2s5C+UViENXaTemfIgOe9Jl:ed9HEgrk+4TNXq2s

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rn94

Decoy

st68v.xyz

conciergenotary.net

qwechaotk.top

rtpdonatoto29.xyz

8ad.xyz

powermove.top

cameras-30514.bond

vanguardcoffee.shop

umoe53fxc1bsujv.buzz

consultoriamax.net

hplxx.com

ndu.wtf

yzh478c.xyz

bigbrown999.site

xiake07.asia

resdai.xyz

the35678.shop

ba6rf.rest

ceo688.com

phimxhot.xyz

Targets

- Target
  
  ba6b404291eeee5e3a7f92f8debfd1af684035664d95fcfdb7ea8fef1b2da40e.exe
- Size
  
  558KB
- MD5
  
  3ec3e43514a9b55b88b069ee79ed81e1
- SHA1
  
  43861900682dc4e550b0f215cb28553d368dbddc
- SHA256
  
  ba6b404291eeee5e3a7f92f8debfd1af684035664d95fcfdb7ea8fef1b2da40e
- SHA512
  
  09b63c828d5ed4cd9746d718e843944f121a840d3aa58763481868e6140b21246b52286c488e7e3df3d6a7c01860e6f5471f9bde796a2e66273c69412e7921a2
- SSDEEP
  
  12288:ed6RGxHlehi2s5C+UViENXaTemfIgOe9Jl:ed9HEgrk+4TNXq2s
Score

10^/10

formbook rn94 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2