formbook

General

Target

023aa336c72a9b44aa5552f7805dfd49d6281c81bf5493ee1088118f4ab39993
Size

612KB
Sample

240813-ccc53aycjg
MD5

e8aae9c7dc54cc89ade9dad398d08285
SHA1

d9c8ea54d725c8092bfbcce635b56381e6b7d32d
SHA256

023aa336c72a9b44aa5552f7805dfd49d6281c81bf5493ee1088118f4ab39993
SHA512

7dfb4cbb6fe86530248f7401a1352afcf44b57b170530c797eb5c5c52302a1cbf240e6834a6034895cd9597264dc1074a5d8c3616dd81b5b731c3f47f8aafe89
SSDEEP

12288:xsbAu2hMEeauwj8epT0XmED1JO0eQS8m5YV5EMM+:WpXE2wA00X9D1c0tS35zk

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

to12

Decoy

petnossa.shop

dtmt.online

ikonkablo.online

voguewear-to.com

thekachorichhori.com

frozenstarch.com

auto888vip.net

day.lol

wangxunas.asia

myultimategoal.xyz

thuthurahat.store

00050427.xyz

ifcexpo.com

lctglobal.com

liamcollinai.com

sisibytundun.com

multiverseearth.com

bt365950.com

vbuyshouses.com

bidbarrel.com

Targets

- Target
  
  ORDER.exe
- Size
  
  1.1MB
- MD5
  
  2a2ee6dc6b324aed33389ca52bb82005
- SHA1
  
  7fa45dad561f81d5a892b3ec84e8fad4ed751e82
- SHA256
  
  51fff4f47965c96f05725a7655150c7dad217117e8c4b393a02b5b9a415747cb
- SHA512
  
  c83ed263130e762b7f89341be52abaddda581215476536095856f0bd9b17244f43b98617de88f51c9247c0ca3c2ab1a5c8af3f13540ce99177ec02ff1a329ad7
- SSDEEP
  
  24576:dAHnh+eWsN3skA4RV1Hom2KXMmHa7bubTGMel5uz5:8h+ZkldoPK8Ya7sbe3K
Score

10^/10

formbook to12 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2