formbook

General

Target

2.exe
Size

26KB
Sample

240829-kvjdssvfpr
MD5

f56fa841f1e1bf4b7a607a8e2fc5ae22
SHA1

776fa68f0a1423a3d357c5af61e44f19b7e028ea
SHA256

5a0cf9e038ccec4e878a683c917c93d28a9aa301d478711b01c199e9fb14aa30
SHA512

8bc684c6de769b48e18942585ca3ad4946223122b42dcc6f032ed77f7204280b456c8cee2cf8ea6de91a0be0b16d621ca06e555cb10411d3ac1e59011f76b292
SSDEEP

768:EAs8m2LjndUuHMFSlWXokQPhbOcjC49N0Z:jsP2LjndUuHMgIXokQPgcjC49No

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rn94

Decoy

st68v.xyz

conciergenotary.net

qwechaotk.top

rtpdonatoto29.xyz

8ad.xyz

powermove.top

cameras-30514.bond

vanguardcoffee.shop

umoe53fxc1bsujv.buzz

consultoriamax.net

hplxx.com

ndu.wtf

yzh478c.xyz

bigbrown999.site

xiake07.asia

resdai.xyz

the35678.shop

ba6rf.rest

ceo688.com

phimxhot.xyz

Targets

- Target
  
  2.exe
- Size
  
  26KB
- MD5
  
  f56fa841f1e1bf4b7a607a8e2fc5ae22
- SHA1
  
  776fa68f0a1423a3d357c5af61e44f19b7e028ea
- SHA256
  
  5a0cf9e038ccec4e878a683c917c93d28a9aa301d478711b01c199e9fb14aa30
- SHA512
  
  8bc684c6de769b48e18942585ca3ad4946223122b42dcc6f032ed77f7204280b456c8cee2cf8ea6de91a0be0b16d621ca06e555cb10411d3ac1e59011f76b292
- SSDEEP
  
  768:EAs8m2LjndUuHMFSlWXokQPhbOcjC49N0Z:jsP2LjndUuHMgIXokQPgcjC49No
Score

10^/10

discovery formbook rn94 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of NtCreateUserProcessOtherParentProcess

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2