formbook

General

Target

586705def5c28891fa8fd49e9e442bd119f2a2522eff11c15613ffcc31c5d446.exe
Size

1.1MB
Sample

240820-bv22gaxaka
MD5

57406a428a9cafdc12c7daedd31174c9
SHA1

7ff8556bbee4dd276f9c098b433c418d61ab1ea1
SHA256

586705def5c28891fa8fd49e9e442bd119f2a2522eff11c15613ffcc31c5d446
SHA512

88895c3d3fd5202358142a83de1858b51f78783e5aca4d549d7c3a6c764ab5e6d2dfb6108b5709d37bce6623952bf0e5ce571274935b3f504ed47d5e97e35ba0
SSDEEP

24576:sqDEvCTbMWu7rQYlBQcBiT6rprG8anl5LntsDUlln2:sTvC/MTQYxsWR7anTLnts2l

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ph01

Decoy

23888.sbs

zvcj.sbs

raitpourtrait.net

ibraryfarmclub.online

omputercourses123.live

j88.doctor

atsue-color.click

epitalrentgrup.online

rvvpn.lol

i-signals.tech

cr-phoenix.best

frican-safari.online

c-games.zone

oardetest.online

f4md.shop

uke-saaac.buzz

arze.dev

nvestment-services-49610.bond

izatrip.sbs

ameron-paaaa.buzz

Targets

- Target
  
  586705def5c28891fa8fd49e9e442bd119f2a2522eff11c15613ffcc31c5d446.exe
- Size
  
  1.1MB
- MD5
  
  57406a428a9cafdc12c7daedd31174c9
- SHA1
  
  7ff8556bbee4dd276f9c098b433c418d61ab1ea1
- SHA256
  
  586705def5c28891fa8fd49e9e442bd119f2a2522eff11c15613ffcc31c5d446
- SHA512
  
  88895c3d3fd5202358142a83de1858b51f78783e5aca4d549d7c3a6c764ab5e6d2dfb6108b5709d37bce6623952bf0e5ce571274935b3f504ed47d5e97e35ba0
- SSDEEP
  
  24576:sqDEvCTbMWu7rQYlBQcBiT6rprG8anl5LntsDUlln2:sTvC/MTQYxsWR7anTLnts2l
Score

10^/10

formbook ph01 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2