formbook

General

Target

f19194ff1ec767b06e63a0239670106f598b4df2b660c5c2e6f6707646c07d2c.exe
Size

623KB
Sample

240830-cxhlaavajp
MD5

269066cb8351bfe6a7922e64ef467c8c
SHA1

c5d1e4644dddc439e413aae061531b0fdcd03cb3
SHA256

f19194ff1ec767b06e63a0239670106f598b4df2b660c5c2e6f6707646c07d2c
SHA512

9d0600ea37e8c8f7e9ed2249648516f2aca70483e89b155149879afc9b493b5fbf5ab255a358fbba89b370026e0fb4a7ffd78ea481f16e65ab2f74174b435496
SSDEEP

12288:aVVkS8M9hf4om1TuYGlnTUucND8YhUg3sAigYSbCxP3r8vurrYqe5:skFMT4omluTNBkLs1N8Cx78viYr

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b48n

Decoy

anifestmindset.net

ommybahamabigsales.shop

3tcxr.xyz

iano-world.net

rconf23.net

atherpa.shop

trllrpartners.club

5sawit777.pro

ctbhuxcdreioijresol.top

opinatlas.app

pinstar.xyz

mfengwa.top

8games13.xyz

tickpaket.online

iphuodongallbbtbtm.top

ental-bridges-51593.bond

laywithkemon.rest

lkpiou.xyz

a88.land

igfloppafan.club

Targets

- Target
  
  f19194ff1ec767b06e63a0239670106f598b4df2b660c5c2e6f6707646c07d2c.exe
- Size
  
  623KB
- MD5
  
  269066cb8351bfe6a7922e64ef467c8c
- SHA1
  
  c5d1e4644dddc439e413aae061531b0fdcd03cb3
- SHA256
  
  f19194ff1ec767b06e63a0239670106f598b4df2b660c5c2e6f6707646c07d2c
- SHA512
  
  9d0600ea37e8c8f7e9ed2249648516f2aca70483e89b155149879afc9b493b5fbf5ab255a358fbba89b370026e0fb4a7ffd78ea481f16e65ab2f74174b435496
- SSDEEP
  
  12288:aVVkS8M9hf4om1TuYGlnTUucND8YhUg3sAigYSbCxP3r8vurrYqe5:skFMT4omluTNBkLs1N8Cx78viYr
Score

10^/10

formbook b48n discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2