formbook

General

Target

767f55f50dc1e54dc89051cfcf7875d2af6280d742ea0c24516debccf6664461.exe
Size

1.1MB
Sample

240807-b42r3a1bjg
MD5

f669243676d39c9b249440b0fbaa20f1
SHA1

504c020e507873d31baf55b961c4298e47788acc
SHA256

767f55f50dc1e54dc89051cfcf7875d2af6280d742ea0c24516debccf6664461
SHA512

f0736c6be6c0f546836f287165773e25a30586440d09d9c3f815892ac9773b216baf06392bbcbf7cd74b1593a1787a867bf3462d38763954de27de7bc72ba5d1
SSDEEP

24576:MqDEvCTbMWu7rQYlBQcBiT6rprG8aUVWTpRHis:MTvC/MTQYxsWR7aUVWTpc

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ph01

Decoy

23888.sbs

zvcj.sbs

raitpourtrait.net

ibraryfarmclub.online

omputercourses123.live

j88.doctor

atsue-color.click

epitalrentgrup.online

rvvpn.lol

i-signals.tech

cr-phoenix.best

frican-safari.online

c-games.zone

oardetest.online

f4md.shop

uke-saaac.buzz

arze.dev

nvestment-services-49610.bond

izatrip.sbs

ameron-paaaa.buzz

Targets

- Target
  
  767f55f50dc1e54dc89051cfcf7875d2af6280d742ea0c24516debccf6664461.exe
- Size
  
  1.1MB
- MD5
  
  f669243676d39c9b249440b0fbaa20f1
- SHA1
  
  504c020e507873d31baf55b961c4298e47788acc
- SHA256
  
  767f55f50dc1e54dc89051cfcf7875d2af6280d742ea0c24516debccf6664461
- SHA512
  
  f0736c6be6c0f546836f287165773e25a30586440d09d9c3f815892ac9773b216baf06392bbcbf7cd74b1593a1787a867bf3462d38763954de27de7bc72ba5d1
- SSDEEP
  
  24576:MqDEvCTbMWu7rQYlBQcBiT6rprG8aUVWTpRHis:MTvC/MTQYxsWR7aUVWTpc
Score

10^/10

formbook ph01 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2