formbook

General

Target

c3003e82f1e4508bb923a29c746e4d865d9abe3ba0fb4da34c727fb4c53e9898
Size

636KB
Sample

240827-chk3vsxcrh
MD5

ba29b066d3666950d27a6e1c6bbfdcb2
SHA1

2a57c6964ec5932e962bdacc76804de6132bf132
SHA256

c3003e82f1e4508bb923a29c746e4d865d9abe3ba0fb4da34c727fb4c53e9898
SHA512

1ffc8f30bb4fbd3debe69533705fce640fb48bc1bceaf5fa9487bb4b983976111e8776422620db51d3e63881bf9efd44898e2db02587ee438743258281b7af33
SSDEEP

12288:VTqOI/FQKcl4xGv6ur2TgsrzfJ4Uqf4zJ45gqOC8Sii1E7oa3lH1HylpEK8g:JqH/FQVWGv6BtxgfCJ4JESJ1EsaDHy0o

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ph01

Decoy

23888.sbs

zvcj.sbs

raitpourtrait.net

ibraryfarmclub.online

omputercourses123.live

j88.doctor

atsue-color.click

epitalrentgrup.online

rvvpn.lol

i-signals.tech

cr-phoenix.best

frican-safari.online

c-games.zone

oardetest.online

f4md.shop

uke-saaac.buzz

arze.dev

nvestment-services-49610.bond

izatrip.sbs

ameron-paaaa.buzz

Targets

- Target
  
  PO2024.exe
- Size
  
  1.0MB
- MD5
  
  4099b081636e14f2326abd794d76c4f4
- SHA1
  
  a57733604ae479aa817b86fdd5d2cceee038b084
- SHA256
  
  8909a2b3749cb8ce0a53d100d45e034c66f5bf69684bbb6392f9e305433f7f40
- SHA512
  
  e8375dd5310c269ce22b8df87880d3071777d79cb8bfca6f730e2509b031adeb5fc50bc1c526fa6db4a6f5dc16a4082e630f94c5afcbb6e67b621342cd1c88d4
- SSDEEP
  
  24576:KAHnh+eWsN3skA4RV1Hom2KXMmHa+vEOJhosaBJkgK5:dh+ZkldoPK8Ya+vHJhJYJkR
Score

10^/10

formbook ph01 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2