formbook

General

Target

25072024_0726_24072024_DHL_DOCS_17072024093710__11.pdf.z
Size

581KB
Sample

240725-h9qqbawblp
MD5

6c86330c873d4d2e70025aa7f19f1178
SHA1

e2c27552a75b38804df9f734fa2f9d02371d13ed
SHA256

e047bcb2855f819226732da0091e6d459e0484da9e74544c6764c2e13bbb44f4
SHA512

a874fbc402568d87aea76f92fab23edf10faa14bfb6a22cf3a527dc275f5bd80ac1fa6ecabedba053eff97a540e1b0f4fc87d6c773f4125d1c1fb4bcb0b03ff9
SSDEEP

12288:6+Eap5ywupHSxcmKbg+B+bDTd8yEvRTDFznMutJlI3i:6+5ipjg+B+bDxeFtftJlh

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rn94

Decoy

st68v.xyz

conciergenotary.net

qwechaotk.top

rtpdonatoto29.xyz

8ad.xyz

powermove.top

cameras-30514.bond

vanguardcoffee.shop

umoe53fxc1bsujv.buzz

consultoriamax.net

hplxx.com

ndu.wtf

yzh478c.xyz

bigbrown999.site

xiake07.asia

resdai.xyz

the35678.shop

ba6rf.rest

ceo688.com

phimxhot.xyz

Targets

- Target
  
  DHL_7981540523_17072024093710__11.pdf.exe
- Size
  
  604KB
- MD5
  
  0407353327c84d51c174364744c0e312
- SHA1
  
  3221bd315962b649f7554790d941af412f76411a
- SHA256
  
  b568548e140fcd311b767c87bf4dfbdbe1e0f14720c96f1abcfcc60f2cf1857f
- SHA512
  
  32aaac10a319865e2f88da96bed5de227da05bd317b6c8ef10c02143e63b48122a896c25f5bc52561927db90efd0c1b19177a0c9f0f90257076ac39d85f6d6a5
- SSDEEP
  
  12288:462iNeSY+aZrwrZoWD1O1VUgIS9iuLlBrO+SMSg7bKSHRz1pRMbOHIIXR:114/4rZoWBO1VeWDJ0g7bKSHRzRMqHIi
Score

10^/10

formbook rn94 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2