formbook

General

Target

0526bafb475af9a866422938635fd54ffe5fc640e8163b77a54b0e9b7d222b11
Size

723KB
Sample

240812-ce98ksvaqf
MD5

578fc08fd8ea4c5f14dca923af39d70e
SHA1

7eb5bc62c2157f8ee39c2d78e8a46151cbf08d4a
SHA256

0526bafb475af9a866422938635fd54ffe5fc640e8163b77a54b0e9b7d222b11
SHA512

c4224788a5354e9b4aca97b0184db196ae4eca4566bce9916e94e99f6075fcc3811f4984ef5e7b18a8c4030ba2ca36c38dd3fc7bb32059702bf87282f369ca49
SSDEEP

12288:XLGi2GyfQhORT5D8W/f4pt+gCWMtbF7/4khcnY1h//s/2aUeL36y:XLGi5uQMT5/WMtV4kWYv/0/XD3L

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

lm31

Decoy

dr-shahmoradi.com

mogu.live

antoni-tapies.com

fhwz79.com

worldskillscompetition.com

521b421.com

jinchenlan.com

beenprintin.com

easysnatch.store

cepatsukses.pro

yepyepper.com

privateschoolwichita.com

vanguardartisan.com

hbvc.xyz

17eclbet.com

loki360store.com

greatfinland.com

pranaimed.com

20587.asia

stelariptv.com

Targets

- Target
  
  employee Performance.exe
- Size
  
  1.1MB
- MD5
  
  ef7277271a100eb71de288aad59a405a
- SHA1
  
  07c4baaaa251f6da787ab41bf56516d4d977b758
- SHA256
  
  63366a01b2ab67323933f03ee2da752572ec8f70578905646806abf3f9b655d2
- SHA512
  
  5deb43f45505ce586d8513b2622641664d0e66f3d4a70f760b73bce380d3869b1e9a6d23dc8ea14c23e31a2ad4c7f05a4b73c28c97cca87c1cc84d8b35d0d0bc
- SSDEEP
  
  24576:oAHnh+eWsN3skA4RV1Hom2KXMmHaBJPGrb0vBzE75:vh+ZkldoPK8YaBJPGcJzc
Score

10^/10

formbook lm31 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2