formbook | a8ae8e0bf8aae2ee283f47dcd291dcc393ad077d7f95502eac6145d12718287a | Triage

Sharing

General

Target

a8ae8e0bf8aae2ee283f47dcd291dcc393ad077d7f95502eac6145d12718287a
Size

734KB
Sample

240821-fpndcavcqm
MD5

afdf91c9880e24ad38df23c1f6d53d09
SHA1

8c625a9de17ea4ab590a1c6713691f8cc3fec23c
SHA256

a8ae8e0bf8aae2ee283f47dcd291dcc393ad077d7f95502eac6145d12718287a
SHA512

85eb68dfa00667e979b881e2c8da8d5e725aa61ef83b434cb80aae7078200a2549d8049cc7b666301dc9dd9c1bf392374366fc462dcee21cc0f3a506ee14c963
SSDEEP

12288:P7rDNzNooy/+6Q97fX5LUTQH0OYqTOsiE7Vrq9UIjy0X5HHsc+qYrfh1dDbGZjh+:DrpzyQVRHHNYYiGV3Yy0X/0Xbgh/edz5

Score

10^/10

formbook bi05 discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bi05

Decoy

ollow-the-bit.online

aopho.autos

14ra567dp.autos

48651301.top

ussian-dating-54714.bond

sychology-degree-80838.bond

lytracker.xyz

strology-forest.sbs

swjbcl3.top

ridgenexttechnologies.partners

lroy.sbs

kyscreen.vip

anhit.live

uckyheart.xyz

orddserials.online

hetune.shop

nherited-traits-ant.bond

stanaslot-1.xyz

sychologist-therapy-36914.bond

iandramonami.net

Targets

- Target
  
  New Purchase Order.exe
- Size
  
  1.1MB
- MD5
  
  eaa202b477e3f9399c7712b5353e881c
- SHA1
  
  cea68d5b7243d6f5adbfd39e20f7df7344c148de
- SHA256
  
  5ccd3ceebd40c9b49d776f317256242319217ebf481bcf681559e44694612f65
- SHA512
  
  3ad512dbece5756ac3ddbc561e38c3962615d69fa1e2852e1c980a75499cff8a97c44a3023af4f7b4e2ad166bdd00840fd5f474eebf6c10d020f986aea42db01
- SSDEEP
  
  24576:MqDEvCTbMWu7rQYlBQcBiT6rprG8aLszADbt7:MTvC/MTQYxsWR7aLszw5
Score

10^/10

formbook bi05 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookbi05discoveryratspywarestealertrojan

behavioral2

formbookbi05discoveryratspywarestealertrojan