formbook

General

Target

ba67d6bb2d0999ec60d8f95bddb0cf5386a00a8bea67a72f2886ecdfebff10de
Size

592KB
Sample

240831-cy141s1bpd
MD5

46bfb49c41a84d4e6bd25e4a09e67d3c
SHA1

cfe7d5e0962106105b26d0055f42f58960a2669b
SHA256

ba67d6bb2d0999ec60d8f95bddb0cf5386a00a8bea67a72f2886ecdfebff10de
SHA512

9e546cc8821cb04a1bcfd8098bb1353dcaeea90f009ca3e53a23a2fb23e0fd8592776d96d3c4a5ef4e75567ff7e850f3bd323407cf0ba998265bcf4570f39385
SSDEEP

12288:2W08/QYPGClHBArn6ve92ugHdLbswd2pTduoxASXgDNR0EmKHd2a:sClB06viledfswdaEoxDm0EX

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b48n

Decoy

anifestmindset.net

ommybahamabigsales.shop

3tcxr.xyz

iano-world.net

rconf23.net

atherpa.shop

trllrpartners.club

5sawit777.pro

ctbhuxcdreioijresol.top

opinatlas.app

pinstar.xyz

mfengwa.top

8games13.xyz

tickpaket.online

iphuodongallbbtbtm.top

ental-bridges-51593.bond

laywithkemon.rest

lkpiou.xyz

a88.land

igfloppafan.club

Targets

- Target
  
  f19194ff1ec767b06e63a0239670106f598b4df2b660c5c2e6f6707646c07d2c.exe
- Size
  
  623KB
- MD5
  
  269066cb8351bfe6a7922e64ef467c8c
- SHA1
  
  c5d1e4644dddc439e413aae061531b0fdcd03cb3
- SHA256
  
  f19194ff1ec767b06e63a0239670106f598b4df2b660c5c2e6f6707646c07d2c
- SHA512
  
  9d0600ea37e8c8f7e9ed2249648516f2aca70483e89b155149879afc9b493b5fbf5ab255a358fbba89b370026e0fb4a7ffd78ea481f16e65ab2f74174b435496
- SSDEEP
  
  12288:aVVkS8M9hf4om1TuYGlnTUucND8YhUg3sAigYSbCxP3r8vurrYqe5:skFMT4omluTNBkLs1N8Cx78viYr
Score

10^/10

discovery formbook b48n rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2