formbook

General

Target

2bedf155eaa7e02bbcd0ebbc1a0228e8bdf7cbf2b924776929c05288f5164a2d.z
Size

542KB
Sample

240803-bk75qsxhlr
MD5

6a05650628a1afa16a400e064d78c50a
SHA1

e53a5fc46ae8cfbeed4c5761af09cc6decd73f4a
SHA256

2bedf155eaa7e02bbcd0ebbc1a0228e8bdf7cbf2b924776929c05288f5164a2d
SHA512

426d703ba6b472d21d76479e64d28bb6d9059c77992b0ec987111a1a0df846d7969b938df01d888dc88ed5e147c43018f0ebadbfc97456d4d38dea52d01bcc9f
SSDEEP

12288:AS/qoRNlWmVDwBzfxhCIMYJi9c7i/WP2/3OmGQ1eMnYlZP:ZqoRLDwPhODZ//3OmoMcZP

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

na10

Decoy

tetheus.com

ventlikeyoumeanit.com

tintbliss.com

rinabet357.com

sapphireboutiqueusa.com

abc8bet6.com

xzcn3i7jb13cqei.buzz

pinktravelsnagpur.com

bt365038.com

rtpbossujang303.shop

osthirmaker.com

thelonelyteacup.com

rlc2019.com

couverture-charpente.com

productivagc.com

defendercarcare.com

abcentixdigital.com

petco.ltd

oypivh.top

micro.guru

Targets

- Target
  
  Payment.exe
- Size
  
  714KB
- MD5
  
  1eca8e2ba8d4939400ef3b6f315a68f2
- SHA1
  
  6729aea498f4d5d67bd78776a309cd3c7c06e3cb
- SHA256
  
  2a899ee00e6f2b09c002a3dc271e3ec7d15a7c98b8a3d9500f96dfd7fe941f4a
- SHA512
  
  c826420eeaa3cb9726de4a20ff92b8d66b13b9edfd625e1955d9f5d44c86ba2987686789e99dc42c4f8ec734090259e9c7c4582fba05e7d8b02f6bd899718159
- SSDEEP
  
  12288:mY5Qvy6uSajv6QAcFahFRavD7R5GMYG2ucItiyE:t5QvTuSar6QgjGqGV
Score

10^/10

formbook na10 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2