formbook

General

Target

01cdf409713526dc1983982e0f72f1b4672a3b0e4aab0b9ffaa5570858dd05bb
Size

730KB
Sample

240822-ctkw8stemh
MD5

7225b4dbaa3e31fadc703995a73aa484
SHA1

5712a7edd2b7edb875aa8249d152b594757d6e2f
SHA256

01cdf409713526dc1983982e0f72f1b4672a3b0e4aab0b9ffaa5570858dd05bb
SHA512

546b3f9176b761344574f8b85590d4d4f3ce2a4d64edc2f6aaeb90b778448b29f8311a92fe39447dd19e64cc0fccbd5546d0d451dd595bb4a263095c478dad28
SSDEEP

12288:rQTvnMhzDJPnbhG8vauYtjtUaFrA+4Ac44NhW28l7vfnaA7WKeedwSn60MI8VJsG:rCvn+fxnbdvctCarm58ILKeImI8nz

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ph01

Decoy

23888.sbs

zvcj.sbs

raitpourtrait.net

ibraryfarmclub.online

omputercourses123.live

j88.doctor

atsue-color.click

epitalrentgrup.online

rvvpn.lol

i-signals.tech

cr-phoenix.best

frican-safari.online

c-games.zone

oardetest.online

f4md.shop

uke-saaac.buzz

arze.dev

nvestment-services-49610.bond

izatrip.sbs

ameron-paaaa.buzz

Targets

- Target
  
  PO2024_pdf.exe
- Size
  
  1.1MB
- MD5
  
  bc980d4328f0dba55926b45ea5599d09
- SHA1
  
  d31b2056d30e49a6f655779acf088e96e6d452ab
- SHA256
  
  8bd5c8d980c76cd62711f609edde9ffe19b97ab154f7b8e81c563db304be1e52
- SHA512
  
  250085c1979997557ae4c39258c34db0ab1ecd8ae248c4ac772b47c708b115aa72f0e234a3f81298d786edb53309f022bb84d68cf6cd678697fa87df9b93bb0b
- SSDEEP
  
  24576:rqDEvCTbMWu7rQYlBQcBiT6rprG8a8j5Mq3kwQaI8xN:rTvC/MTQYxsWR7a8jdI8x
Score

10^/10

formbook ph01 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2