formbook | c5628c701357d02296adfa9309dcf21e8d989318426b18179eef58d06f796641 | Triage

Sharing

General

Target

c5628c701357d02296adfa9309dcf21e8d989318426b18179eef58d06f796641
Size

723KB
Sample

240820-sx7heatdkq
MD5

546c4be0f2a980e36068e62847318b6d
SHA1

e445c35ab5b39b7b11134d7211b1afab8b9d6ded
SHA256

c5628c701357d02296adfa9309dcf21e8d989318426b18179eef58d06f796641
SHA512

bc60b980f2204bf902111f84081a6533e6fa66a4621832aab14d57feffa2dda98bb63d886fdb6094d9b4f6f309de2f68d51818175c7977518f1a9b912dd86d05
SSDEEP

12288:LC5ackSCEqj6bNUZl/Ap4wv7bEjcHvvqp46rLBSe8mcAgkm9YuP:L9z2bNULBy7xqy65QmH1m9YuP

Score

10^/10

formbook ot96 discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ot96

Decoy

yclingbear.studio

sxuio.xyz

eon-official-bk-o57v.buzz

teel.management

rusjitu.sbs

ighwald-holdings.info

ummitfinancal.vip

layvalleyconstruction.online

pp-games-efficsecuspon.xyz

ouh.shop

mgltd.services

gshsjwhgsg.fun

eidotijolo.online

yifg.sbs

nline-gaming-ox-mx.xyz

ux-money.info

inergiputraborneo.dev

panish-classes-67016.bond

reightrading.info

23bet.xyz

Targets

- Target
  
  RFQ1 REF-JTC-AJC-QINHP5-TIS-L0009- (AL DHAFRA) AL JABER - SUPPLY.exe
- Size
  
  1.1MB
- MD5
  
  29ce40926ebdaec5752f14be5e21fbeb
- SHA1
  
  df0e8f649c9fd548eb7d42eed2884cc68979ccd9
- SHA256
  
  ee71ad1c0362898a774103c743ef574c6a3cf37a3556a9eb8809bc411cd179cb
- SHA512
  
  8c8ef0a9d99ff00111d6d0d6ebda2b65f812b7d1f93ff36194c7e73a6ff70138225d3a626a0168b78f64a51e443fe588274c18f0220ad05b648f34c92e540e5d
- SSDEEP
  
  24576:pqDEvCTbMWu7rQYlBQcBiT6rprG8aSuK06lMmt1mI/:pTvC/MTQYxsWR7aS906lPt1mI
Score

10^/10

formbook ot96 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookot96discoveryratspywarestealertrojan

behavioral2

formbookot96discoveryratspywarestealertrojan