formbook

General

Target

bb06ed23d87e32af51577a5c513154a4.bin
Size

227KB
Sample

240820-b3922s1elq
MD5

06b7ff897131b5fecb0c258c2ed51df3
SHA1

cdac66b43dc864d357510e5cc7f749200ea933fd
SHA256

ab30d6c749401addfcd58a4bac8a689d8c8ecfd872f31c3c1d0340e8c3819ddc
SHA512

cc607cc9a556ba7e27fd78168b7513143ac851d9b595a894273fe948fdedd9df6f0d10edeb570bbd177a1f763058edc1cc9bbadd77ae7e49f40e9a26c2cbf088
SSDEEP

6144:KqNoaYZM3MAXOQb7HPbf7HnG+yvi+LMlkm:eAXOqfDnGhiim

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rn10

Decoy

kedai168et.com

mental-olympics.com

pussybuildsstrongbones.net

857691.shop

hisellers.net

exposurecophotography.com

beaded-boutique.net

wednesdayholdings.com

plesacv.xyz

manonlineros.com

a0204.shop

333689g.com

dyprl716h.xyz

pulseirabet.com

fnet.work

bo-2024-001-v1-d1.xyz

ongaurdsecurity.com

giulianacristini.com

miladamani.com

magicalrealmshopkeeper.online

Targets

- Target
  
  cb723d514a98b4d825222314945c680011cf2ba21dafd5cd9129fe144083b944.exe
- Size
  
  402KB
- MD5
  
  bb06ed23d87e32af51577a5c513154a4
- SHA1
  
  0465630ce40cd3eaf1e9f92daaccc16b9c3241e7
- SHA256
  
  cb723d514a98b4d825222314945c680011cf2ba21dafd5cd9129fe144083b944
- SHA512
  
  7915237ef8485cc63b57ce13adfffccf87510f896eac248299e3c5325c70a2e50b5657ed532ea09767c873d31afe3b956fbe807b6b4384ec6fa99836fb19d0a9
- SSDEEP
  
  6144:zmb3/3zvZ74J5spMIUYYKUeq7a/WUuufBvRiD5a:2v54Jq1B6L7UuupA
Score

10^/10

discovery formbook rn10 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2