formbook

General

Target

02092024_1542_01092024_BASF PETRONAS Chemicals Request For Quotation.zip
Size

665KB
Sample

240902-s5n12avbph
MD5

a757cef4c96a74c4d0be823ad29c0f07
SHA1

9eecb657f18e04ba4945af36c919c6fedde5b080
SHA256

78c3b324b4ad10e694cb67c6c21e7746ca15decce98a3e258685fdb47cafa1f4
SHA512

88050f2291c2ddb29108cd90d11a4a313d38ecc043bbbb4c9b84030b036116be7d2a799f00cfe28ff6f0ef45035ea898a14130d0876f9f0eba587893efbff10e
SSDEEP

12288:hF6x9lv+utvaQOVVq+E5cmCRJbTCO0f8QR04zmL09dLa5ghNcMbAg77GUvg:hFO9EutvcJbTCOd20fL0vLa5qWMbAk7Q

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

wh6a

Decoy

tair-lift-42713.bond

ventura-homes.net

anvasbackred.shop

icksandmore.net

untsvilleboatrentals.net

xyv.lat

hbvc.xyz

uang88-toko.xyz

ersonalisedwrappingpaper.online

reepoin1.buzz

hosemansisthis.xyz

64kyt6v.christmas

qgbiwbk.shop

reywolfcdn.net

rupovvz.online

ras-es-0.bond

latitudinarian.world

eamautorent.online

rioritymarketingsolutions.world

merican-viplata-peoplleua.world

Targets

- Target
  
  BASF PETRONAS Chemicals Request For Quotation.exe
- Size
  
  1.1MB
- MD5
  
  66e0bb9c0260fe4eb10e6c6868ea2a77
- SHA1
  
  f9ca35c22c827757b168be84d7ff746be855755b
- SHA256
  
  cfe4c0048184b00ed3af5a0a191baf693752c793f010ae05c3caff2253052d12
- SHA512
  
  3572972cbd1f08ab3add9d32d1785d066fd9eab9b248cbb33969d9f8fbac2c600050e4c5931f247e5acbbf20bb8e30e01513ecae4033f060b07a314b078e8e7c
- SSDEEP
  
  24576:3AHnh+eWsN3skA4RV1Hom2KXMmHa9ZLa5KmMb0e3F+X5:qh+ZkldoPK8Ya9ZLatMb0e3w
Score

10^/10

formbook wh6a discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2