formbook

General

Target

03092024_0051_02092024_LYONSOFT, COOP.V. - Envío orden 240187 fecha 02-09-2024.xz
Size

556KB
Sample

240903-a7ntyatcnh
MD5

271575cdcae7f859191a882957b45ee2
SHA1

36b45a578ee7441365d2eeb0527956395bbbd403
SHA256

c5b4f21d712a3aad0610ddba1ac264b154bd9260196b8efd7b56a4dc76187d8a
SHA512

1ca64ebd43eef94618632d8eb6be988540c64d3e34424354b19bb0c5bf309c33c09427428609fc14a0264990ba12cbc2c7fade31b0dce0a12bc3341221b45768
SSDEEP

12288:J41n5pZUkj6c/2QyMCyU8DGHOEL9vZGsDdRskMA9Lj+9kQKGgFW:J415nb282QkHv9hGCohAhC93KG0W

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rn94

Decoy

st68v.xyz

conciergenotary.net

qwechaotk.top

rtpdonatoto29.xyz

8ad.xyz

powermove.top

cameras-30514.bond

vanguardcoffee.shop

umoe53fxc1bsujv.buzz

consultoriamax.net

hplxx.com

ndu.wtf

yzh478c.xyz

bigbrown999.site

xiake07.asia

resdai.xyz

the35678.shop

ba6rf.rest

ceo688.com

phimxhot.xyz

Targets

- Target
  
  LYONSOFT, COOP.V. - Envío orden 240187 fecha 02-09-2024.exe
- Size
  
  1.0MB
- MD5
  
  6febb30bdf76d3c49b5dbfbb383c722a
- SHA1
  
  80bf8a349e3fcc290bed8b2e371e3f530f09ead4
- SHA256
  
  e171a6d388f4cd1e2051d0f29b720c84a52876a3208af1824e9b634c2117b4ee
- SHA512
  
  8f4728cf9aa371702934f9225d6c3ed74a0cbb762d22e6914a39a2cec8102a97a26382133b0116b2c9fce8d09ad35de8e61bd7aadad1af0d091a6b980791f4f3
- SSDEEP
  
  24576:YAHnh+eWsN3skA4RV1Hom2KXMmHapDXeClYMJLj5:fh+ZkldoPK8YapzpR
Score

10^/10

formbook rn94 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2