formbook

General

Target

f95ecb01473fe8a186e0a7b039afb5609e5f65f53d51180f1f605d034758f4a5
Size

748KB
Sample

240826-fxkx7axcja
MD5

5604896cab4930c9fc982d304df824b6
SHA1

f744292f432afc6e426001f44519d052ea04fca8
SHA256

f95ecb01473fe8a186e0a7b039afb5609e5f65f53d51180f1f605d034758f4a5
SHA512

f80df2660528aa3d28a6453aa5683066ce6f7ef2a18d95cdf1544400ca25b33838593bf56254daf8e0257e7b6e64ce3cdfaae25a91320d34278bec0724bcef4c
SSDEEP

12288:odvfHEqHz47LlN3bhxfwnCbTv8zISpGmpGtzPNa0LJzpEgsFwWkc20hekq8f0:wfkqHz+DbjfeCbYkSpGSWNa09igsFwWi

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ph01

Decoy

23888.sbs

zvcj.sbs

raitpourtrait.net

ibraryfarmclub.online

omputercourses123.live

j88.doctor

atsue-color.click

epitalrentgrup.online

rvvpn.lol

i-signals.tech

cr-phoenix.best

frican-safari.online

c-games.zone

oardetest.online

f4md.shop

uke-saaac.buzz

arze.dev

nvestment-services-49610.bond

izatrip.sbs

ameron-paaaa.buzz

Targets

- Target
  
  New Order_pdf.exe
- Size
  
  1.2MB
- MD5
  
  5bda6ed02bf9ee30fcee815cd3e600c0
- SHA1
  
  82644c7ccc6c3366603c812c7c86b44d827f2408
- SHA256
  
  1f7acc55a13b6884c4cba7686c7f28cc5bdbbd9fd32947335044db368d2dea2d
- SHA512
  
  38cc0b9e2f5263bb5f28e0ec708a6042f324fcd18b211e674e83ae59acc7cceec142c2a95efd2f328fb1fde5dcdd65a213e1ee76e7bd9552bfce079056ffe11f
- SSDEEP
  
  24576:yqDEvCTbMWu7rQYlBQcBiT6rprG8aX4Z+EsFAWNmU/s:yTvC/MTQYxsWR7aX4Z4FAWNmU
Score

10^/10

formbook ph01 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2