formbook | a8a7abb66cf22c7f804029fa215b1dd39861eda91874af97436a4ac738670f99 | Triage

Sharing

General

Target

d8b35495d596fa9369df3a9e5d95da70N.exe
Size

1.0MB
Sample

240725-rtsdmswglh
MD5

d8b35495d596fa9369df3a9e5d95da70
SHA1

1791b053bf9b9eaeaa7f8ce2e21558a281292ab3
SHA256

a8a7abb66cf22c7f804029fa215b1dd39861eda91874af97436a4ac738670f99
SHA512

ad620640b076a72ec497b5bdea5180d520f666bed091148cfc342525b34671fb30b2339cc6f4abd4ff9d1f7e30c0f1976126f3e498af95a9115016eebd0b70a0
SSDEEP

24576:btb20pkaCqT5TBWgNQ7akdu8ScxJtJM2nt6A:YVg5tQ7akdugrfM2t5

Score

10^/10

formbook ki73 discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ki73

Decoy

zumruduankainsaat.com

bespokearomatics.com

aljumaih-awgaf.online

ds4ds4dfsg4g4.vip

csqj.fun

hairbywendybarrios.shop

savvysaleshop.com

palmettobev.work

reneeonremote.com

pristina.xyz

cosnapsmedia.com

snowshop4.com

pedkey.com

46771481.com

wb777z.vip

toya88login.store

wantedwomenover40.com

fantasygolftournament.com

9t7sjki.fun

bestcampingbed.info

Targets

- Target
  
  d8b35495d596fa9369df3a9e5d95da70N.exe
- Size
  
  1.0MB
- MD5
  
  d8b35495d596fa9369df3a9e5d95da70
- SHA1
  
  1791b053bf9b9eaeaa7f8ce2e21558a281292ab3
- SHA256
  
  a8a7abb66cf22c7f804029fa215b1dd39861eda91874af97436a4ac738670f99
- SHA512
  
  ad620640b076a72ec497b5bdea5180d520f666bed091148cfc342525b34671fb30b2339cc6f4abd4ff9d1f7e30c0f1976126f3e498af95a9115016eebd0b70a0
- SSDEEP
  
  24576:btb20pkaCqT5TBWgNQ7akdu8ScxJtJM2nt6A:YVg5tQ7akdugrfM2t5
Score

10^/10

formbook ki73 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookki73discoveryratspywarestealertrojan

behavioral2

formbookki73discoveryratspywarestealertrojan