formbook

General

Target

92b1f2ee516e87aff3e8ef41ae051276a9cb1002ccd788a15e527df458631a70.exe
Size

595KB
Sample

240803-b9qxraygnq
MD5

ee2875f921602d7f7f26f0b788f1b3f7
SHA1

3690ccea99c4399ef2990ca3dc3d79eb29666794
SHA256

92b1f2ee516e87aff3e8ef41ae051276a9cb1002ccd788a15e527df458631a70
SHA512

85c813d764baba7a8a9f246cfa26208a886c64c1df8cca3863e8898342382a4dd7a0734b34fc904fb6637f1dec215da92a714d01c1fb430a811933dfd99275e5
SSDEEP

12288:6YV6MorX7qzuC3QHO9FQVHPF51jgcEQ433ZwrXUuunukKlkA:pBXu9HGaVHOwrXUuepDA

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ephb

Decoy

chertsey-estates.com

zeushomeservices.com

2ax4z.com

leihuluofkauai.com

sunshinespd.com

lifeexplorer.today

holywellspringwater.com

clip-on-veneers.today

jaspershousekeeping.com

tcyd123.top

aimpets.com

n11ni5.cfd

oplmanager.dev

parisolympicgamesguide.com

askwhtevr.com

usino.online

pa6yy8h.xyz

tabomediaa.com

iwill3d.com

piqhome.site

Targets

- Target
  
  92b1f2ee516e87aff3e8ef41ae051276a9cb1002ccd788a15e527df458631a70.exe
- Size
  
  595KB
- MD5
  
  ee2875f921602d7f7f26f0b788f1b3f7
- SHA1
  
  3690ccea99c4399ef2990ca3dc3d79eb29666794
- SHA256
  
  92b1f2ee516e87aff3e8ef41ae051276a9cb1002ccd788a15e527df458631a70
- SHA512
  
  85c813d764baba7a8a9f246cfa26208a886c64c1df8cca3863e8898342382a4dd7a0734b34fc904fb6637f1dec215da92a714d01c1fb430a811933dfd99275e5
- SSDEEP
  
  12288:6YV6MorX7qzuC3QHO9FQVHPF51jgcEQ433ZwrXUuunukKlkA:pBXu9HGaVHOwrXUuepDA
Score

10^/10

formbook ephb discovery rat spyware stealer trojan upx
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

UPX packed file

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2