formbook

General

Target

e5834e14777d7df91dc61f75c796e07a.bin
Size

654KB
Sample

240727-efb4aaydpe
MD5

ec0f98a7aef7ef3be4d533343ff7a5ce
SHA1

c149900e767e1a9025cc107019918a4ec15bd442
SHA256

6239b3d650ba3b2099558638945bea18dce16d97e2cf18bcc692dd57ed1d570f
SHA512

fe3f6da7cb9b24bd24c6f968cf332db9311e48d23057fbd3d4441a50aaefe3c8764f1f01b6ed354fe429c01662b6f9f4f3d709c23b5a54b8fe949b1dbcb067ab
SSDEEP

12288:0mn0DqsAwyq/onp4ljUmbDqqi9yfVFmd5v9cp1It4YA+EpU/aLQgMfhaH:0YsByc2qvVFmbCM4YA+EDQg6e

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ty31

Decoy

jejakunik.com

inb319.com

jifsjn.buzz

gkyukon.site

43443.cfd

cogil69id.com

oeaog.com

lpgatm.com

mymarketsales.com

tomclk.icu

404417.online

nysconstruction.com

ourwisequote.com

ahsanadvisory.com

ottawaherps.com

forevermust.com

apartments-for-rent-47679.bond

kdasjijaksdd.icu

buthaynah.com

manggungjayakanopi.com

Targets

- Target
  
  acf03676e5dd002d0dc94a2b50e83dda78d287ee9b07ad2c9659688310015820.exe
- Size
  
  1.1MB
- MD5
  
  e5834e14777d7df91dc61f75c796e07a
- SHA1
  
  1307720fcf7f9df9dc5d3f7393229b92f56b2480
- SHA256
  
  acf03676e5dd002d0dc94a2b50e83dda78d287ee9b07ad2c9659688310015820
- SHA512
  
  048b73353999a417d239f488743656dee95b0b3b8ed8a0c8adca5ba9474ffbc2d22223d51e4b852bf6bbb189ad3bb127ae59f2d062e8171f77b0223b4bca31cc
- SSDEEP
  
  24576:/qDEvCTbMWu7rQYlBQcBiT6rprG8aLHqGzPdlAx:/TvC/MTQYxsWR7aLHbzPD
Score

10^/10

formbook ty31 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2