formbook | 2f1f6bee630ceab483495b681e2468e018f6a9f2f28842d9ac7b40cf1e621f08 | Triage

Sharing

General

Target

MalwareBazaar.3
Size

1.1MB
Sample

240805-rcre1ssbmg
MD5

dca3f0ad0eaa9ed5eabfab13b8e5e72c
SHA1

2db545db06211a8dd2317e9e08b5fdfc3431ca28
SHA256

2f1f6bee630ceab483495b681e2468e018f6a9f2f28842d9ac7b40cf1e621f08
SHA512

21b1e786096e88434320020c13eef11e18c73d8b2d115425e731391a28c15739f3d55532cf08cb5d53fe7c2e5dae58a016d3202aeb7362a45e8520ce1cb38e61
SSDEEP

24576:KqDEvCTbMWu7rQYlBQcBiT6rprG8aw9tMmI3fHsDbo:KTvC/MTQYxsWR7aw9emI/2

Score

10^/10

formbook lm31 discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

lm31

Decoy

dr-shahmoradi.com

mogu.live

antoni-tapies.com

fhwz79.com

worldskillscompetition.com

521b421.com

jinchenlan.com

beenprintin.com

easysnatch.store

cepatsukses.pro

yepyepper.com

privateschoolwichita.com

vanguardartisan.com

hbvc.xyz

17eclbet.com

loki360store.com

greatfinland.com

pranaimed.com

20587.asia

stelariptv.com

Targets

- Target
  
  MalwareBazaar.3
- Size
  
  1.1MB
- MD5
  
  dca3f0ad0eaa9ed5eabfab13b8e5e72c
- SHA1
  
  2db545db06211a8dd2317e9e08b5fdfc3431ca28
- SHA256
  
  2f1f6bee630ceab483495b681e2468e018f6a9f2f28842d9ac7b40cf1e621f08
- SHA512
  
  21b1e786096e88434320020c13eef11e18c73d8b2d115425e731391a28c15739f3d55532cf08cb5d53fe7c2e5dae58a016d3202aeb7362a45e8520ce1cb38e61
- SSDEEP
  
  24576:KqDEvCTbMWu7rQYlBQcBiT6rprG8aw9tMmI3fHsDbo:KTvC/MTQYxsWR7aw9emI/2
Score

10^/10

formbook lm31 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooklm31discoveryratspywarestealertrojan

behavioral2

formbooklm31discoveryratspywarestealertrojan