formbook

General

Target

9a513390d1b10efac55bf125607708a0N.exe
Size

392KB
Sample

240814-mh3ysaxbpe
MD5

9a513390d1b10efac55bf125607708a0
SHA1

40af9e5a55e0b8f11fb61ad101ca783070f6abbc
SHA256

67074890dc344540b57f14a3c614ef9bfe434602e4e17587958afa3e6f3af9a1
SHA512

21e3a1207cfc8b487581546bd5b213646c8f7c053884419ce387f4d9dabb14a02239594fb9c58d3a55a9baa69f5b1635066d4bd98729d190963da489d08f495a
SSDEEP

6144:RnGVON7t5oGZIuXu78j6MRUKj9vw06hM:355FmzW6yUKj9vw0

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

pea

Decoy

dadufu2011.com

aiqylw.com

nexteer.tech

lowellselvin.net

scoreretirementcommunity.com

7aonsc.com

poe-tools.site

wwwjinsha675.com

kyntenslocum.com

crazygore.com

wecreate.tech

oakmontappraisalcompany.com

aylaham.net

asianrecruitmentconsultants.com

hr-ziilabs.com

unwindthemind.biz

drivewaypatiocleaning.com

blekete.com

csfengsu.com

neuralmeshes.com

Targets

- Target
  
  9a513390d1b10efac55bf125607708a0N.exe
- Size
  
  392KB
- MD5
  
  9a513390d1b10efac55bf125607708a0
- SHA1
  
  40af9e5a55e0b8f11fb61ad101ca783070f6abbc
- SHA256
  
  67074890dc344540b57f14a3c614ef9bfe434602e4e17587958afa3e6f3af9a1
- SHA512
  
  21e3a1207cfc8b487581546bd5b213646c8f7c053884419ce387f4d9dabb14a02239594fb9c58d3a55a9baa69f5b1635066d4bd98729d190963da489d08f495a
- SSDEEP
  
  6144:RnGVON7t5oGZIuXu78j6MRUKj9vw06hM:355FmzW6yUKj9vw0
Score

10^/10

formbook pea discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2