formbook

General

Target

01092024_0051_30082024_Quotes RFQ.zip
Size

721KB
Sample

240901-a7ldtavhnh
MD5

8033267c163b2085f78c7e39f88a1b4c
SHA1

6d6974712d32725f409bd2d9753673f874904967
SHA256

85a80448fc8580ad79c9f70c0550f01db47cdf94cd00b59816fa587ac73c65c1
SHA512

d068a5355da5fef91bb9e1d9af3aac894b2004637dada070537eb1dc606a1dc017c07543067d57a7b39c4a2c9a2393e5e2bc3ec45fa9a6616da6d5d29f45b9f4
SSDEEP

12288:2aX0G0WAFDxcjfd+DYkWYtHQ+CpeIZoeNsIXfySADde4rfXywgBxMS2Oc3myyIah:2at4DyhfIw+Cp7mSMdeQ44b3myyIabSS

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

k26n

Decoy

381.top

rojectcentralpro.website

hase-paaaa.buzz

strograft.info

leksandra.click

x-design-courses-68293.bond

769.top

igar.fun

aint-lab.net

aytrx.app

marthospitalus.info

rancoishollande.vote

048cupcakes.pro

mq8z.christmas

diplumbingcompany.info

umierespringbaymasterise.net

otishnaya.online

0n85.digital

nfluencerwerden.info

entalimplantsusasale.today

Targets

- Target
  
  Quotes RFQ.exe
- Size
  
  1.1MB
- MD5
  
  0eaeb84ceedfc30929ce2349fe72e50a
- SHA1
  
  0c78cc4009109c0f46c293b04c2a14f03767be43
- SHA256
  
  172e24c4d8a93d470687b7743342ac854687044cce11df7ab5d024726969a3eb
- SHA512
  
  fe8fcf88e6fa48a2be50ca0048d8cc8cc0dd78baf51ab3273cfec860ac24eff4904db5907216e162a9852202c0a57dd56b0cb0066de227e4d23dcfe7a2214fce
- SSDEEP
  
  24576:DqDEvCTbMWu7rQYlBQcBiT6rprG8aFzl3myy6aPSNAs:DTvC/MTQYxsWR7aFQyyHU
Score

10^/10

formbook k26n discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2