formbook

General

Target

QUOTATION FOR ATTACHED INQUIRY.zip
Size

712KB
Sample

240808-cmpxlsyank
MD5

55b34aad3186966d50da2635748dc921
SHA1

ffccffa1eb0855456b8fba1e712d75b646ec6217
SHA256

514a38272f6fd9372f739709eb5c11c5260ddf71b7b600ba4458763f1e44c825
SHA512

dd6c332be2e4e082b4f0895cbd72644ada6f92e6cd7328eec9b745253a84748438c507c6aa5fad6a03ec3e157f856d72188c3f4110143c7ad5d933a4c424dbdb
SSDEEP

12288:SKL5Go1MQ97ffI/SeHHYtVivh4YqACjX2zn5ZgN35KmU426K38ReWq2E2P/:SKLgo1XVI/JnYSvqY1w2ZgN35KP38GT2

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bi05

Decoy

ollow-the-bit.online

aopho.autos

14ra567dp.autos

48651301.top

ussian-dating-54714.bond

sychology-degree-80838.bond

lytracker.xyz

strology-forest.sbs

swjbcl3.top

ridgenexttechnologies.partners

lroy.sbs

kyscreen.vip

anhit.live

uckyheart.xyz

orddserials.online

hetune.shop

nherited-traits-ant.bond

stanaslot-1.xyz

sychologist-therapy-36914.bond

iandramonami.net

Targets

- Target
  
  QUOTATION FOR ATTACHED INQUIRY.exe
- Size
  
  1.1MB
- MD5
  
  5af0b0a5cd8a9596dd5e85abeb93fd7e
- SHA1
  
  d64312ca70f07d9d5dc49deab65026f1e066a579
- SHA256
  
  886c7ebfad029160c6aab6aa288765e5488abb140a1c99b795951de91e370157
- SHA512
  
  1e761a73c76c813c095aaf35bd9b191267a0fe970ab522ac962eec7bdfbe008cd1cc42f0893e32882aff3769b473209cbfef09488edb97b0c81f365ef38ae35f
- SSDEEP
  
  24576:qqDEvCTbMWu7rQYlBQcBiT6rprG8agdNI9F5KBV8L:qTvC/MTQYxsWR7agdNI9H
Score

10^/10

formbook bi05 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2