formbook

General

Target

b0b77be825fdf9cc76f4c7cba57b2ea46fd34104c23d0d9c72b308dfc09f5277
Size

752KB
Sample

240822-ctk71atena
MD5

888fd093e2142a8773f5a21c70ad79b4
SHA1

bf80b9050ed15307e350a06f4586ba53f88b34c9
SHA256

b0b77be825fdf9cc76f4c7cba57b2ea46fd34104c23d0d9c72b308dfc09f5277
SHA512

7534ecde22e037959d9552ec552b7e5f6e33b8910c1258674bea3b0a2f4de3a3b8328e4fb88bdf975a240a979e35706e27b7c153fbe9bd56b261a87ebabcba14
SSDEEP

12288:1WozyFf/DtzXE9cz040YL15ST9Y8gadwYloj0BBMw2sNSIZ2lEoLKcpEA+Cy8OK3:1WozyZDt0lQz/9m+0B9NZ2+oL3H+CrOs

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ot96

Decoy

yclingbear.studio

sxuio.xyz

eon-official-bk-o57v.buzz

teel.management

rusjitu.sbs

ighwald-holdings.info

ummitfinancal.vip

layvalleyconstruction.online

pp-games-efficsecuspon.xyz

ouh.shop

mgltd.services

gshsjwhgsg.fun

eidotijolo.online

yifg.sbs

nline-gaming-ox-mx.xyz

ux-money.info

inergiputraborneo.dev

panish-classes-67016.bond

reightrading.info

23bet.xyz

Targets

- Target
  
  RFQ REF-AJTAJC-766677ASD-ALJ-677888- (AL DHAFRA) AL JABER - SUPPLY DELIVERY AND SUPPLY_5763-BASE ORDER.exe
- Size
  
  1.2MB
- MD5
  
  861892f267f889518f3789ce0fcb0cf2
- SHA1
  
  876802cd29fe8b258c6bdb94d66729ab7d28be36
- SHA256
  
  14b0d4325eaa7ad618ebbd5484993f0439ca78b36faa5d2b99faf22703a21d53
- SHA512
  
  e1f8f1bb11783ed6b653b792fe9562115e2f69d54932da7086105f92cc0fc11123a1513de17de4c6e7b28bd41089450bed84d9cfbee621034dd526e262d85ccf
- SSDEEP
  
  24576:wqDEvCTbMWu7rQYlBQcBiT6rprG8aBHZ2woL3B6yr2MX7FJ:wTvC/MTQYxsWR7aBTEBpSm
Score

10^/10

formbook ot96 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2