formbook

General

Target

086e659b1784ab08b4694bbb06483d4b54f966697cadffc2f15edceac440b7bc.exe
Size

1.0MB
Sample

240829-r9e39azajl
MD5

4bf5f0c19903569f5dd85fd8067041ea
SHA1

d467e870a79615ad465d2215ca5284e5cb07fbd7
SHA256

086e659b1784ab08b4694bbb06483d4b54f966697cadffc2f15edceac440b7bc
SHA512

310a4fc5c18526c679d21c7f64428a6bec1d3904f971d815370b8bd9e90c35caa268d478d006169b5a0baf7a1ecf94520feeec22f64e9d0b7b8423707d77d6a2
SSDEEP

24576:tAHnh+eWsN3skA4RV1Hom2KXMmHaCdLtHgGbtYNHu5:Mh+ZkldoPK8YaCdGDk

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ph01

Decoy

23888.sbs

zvcj.sbs

raitpourtrait.net

ibraryfarmclub.online

omputercourses123.live

j88.doctor

atsue-color.click

epitalrentgrup.online

rvvpn.lol

i-signals.tech

cr-phoenix.best

frican-safari.online

c-games.zone

oardetest.online

f4md.shop

uke-saaac.buzz

arze.dev

nvestment-services-49610.bond

izatrip.sbs

ameron-paaaa.buzz

Targets

- Target
  
  086e659b1784ab08b4694bbb06483d4b54f966697cadffc2f15edceac440b7bc.exe
- Size
  
  1.0MB
- MD5
  
  4bf5f0c19903569f5dd85fd8067041ea
- SHA1
  
  d467e870a79615ad465d2215ca5284e5cb07fbd7
- SHA256
  
  086e659b1784ab08b4694bbb06483d4b54f966697cadffc2f15edceac440b7bc
- SHA512
  
  310a4fc5c18526c679d21c7f64428a6bec1d3904f971d815370b8bd9e90c35caa268d478d006169b5a0baf7a1ecf94520feeec22f64e9d0b7b8423707d77d6a2
- SSDEEP
  
  24576:tAHnh+eWsN3skA4RV1Hom2KXMmHaCdLtHgGbtYNHu5:Mh+ZkldoPK8YaCdGDk
Score

10^/10

formbook ph01 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2