formbook | 19437bcdb8ab50cd8ff35638dfec0a825ebc54eec82da2ad973052ee60ca5734 | Triage

Sharing

General

Target

19437bcdb8ab50cd8ff35638dfec0a825ebc54eec82da2ad973052ee60ca5734
Size

418KB
Sample

240902-d7ykxs1hja
MD5

e385b151755a0807d4827e54e1c20559
SHA1

91703ef369434e27bb4aaa95c807f6587fde0de9
SHA256

19437bcdb8ab50cd8ff35638dfec0a825ebc54eec82da2ad973052ee60ca5734
SHA512

1ad7a4dc0083d737fa5cbcaa32ab6f24101a393042b2de38aea016926bb3d23479d50fa52228b0e7f1935482dba8dbe4bdfbfda4e38b6b79eaeb4b4a39012c9d
SSDEEP

6144:QrKw9kfYfmFcqs/ObdppUN29FYDAWWwA1Ydj3ocGOwphwd64WGbJlAbDXROZJ2Zr:qf2Afoc1epUyYDA4A1sYV74WsJlH01

Score

10^/10

formbook u1bs discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

u1bs

Decoy

ln-safe-keepingmisva4.xyz

rtfh.xyz

awolin.link

metadlf.com

cardboardcasual.com

psicoterapiahablada.com

spaminator.xyz

hnjqzl.top

dentalyinovasi.site

biosynblas.com

zvyk.store

shreevishwakarmaservices.com

showersplash.com

norbert-roth.com

londoncapitaltraders.com

istanbuldonerkebabheroncity.com

realdiscountsnow.com

marlinplumbingwnc.com

magazinadziavane.com

qantv.com

Targets

- Target
  
  370b7d8656ddabeb6669b24da32cd047ebbd977efce6047bd26e8326a98c768e
- Size
  
  506KB
- MD5
  
  8e3ffb0282c016ce500a81a4e7a5f13e
- SHA1
  
  3f0acf30be8406bc451bf43ad5a704c066bd89b5
- SHA256
  
  370b7d8656ddabeb6669b24da32cd047ebbd977efce6047bd26e8326a98c768e
- SHA512
  
  ea9cf7dd7afdab45021e88d3f258d6d38d91b9952afbc8b7365e5d47fb37008b270a7e0dee0c046c14c035f0b1a3f88c45ce262f895bc420be8dace52eda28c0
- SSDEEP
  
  12288:4CztCniVGFCL7EZTo7ZGSki2YmrgTPVrBJNQqI:4CpC5CL4ZkNGS+Yoqx7NQT
Score

10^/10

formbook u1bs discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooku1bsdiscoveryratspywarestealertrojan

behavioral2