formbook

General

Target

SecuriteInfo.com.Win32.PWSX-gen.3894.15937.exe
Size

741KB
Sample

240903-exhmdsyapf
MD5

0bc52d55c4cf2357b2f5a535141c39c4
SHA1

df115cf05f84f41d1309fb35308f359200209286
SHA256

df40a36c01c2a67d0343913950f8c79d0937dcb2e29d7fa4d12dba92128efc02
SHA512

b0a71d513a27b35419110f3dc55c2f4f754c018e47214561152985ad918ff80c681ac94f23fc4f8ae48e4a75a06ceb4543d78e7f2980ae636e523ca13fc12128
SSDEEP

12288:Z3zjLf30WH0TwOqp0c4yKJ0Gin+LwXZhJ0JxxboCsioM+h5oh8Bhat1hM:Zjj0ywkpLFKJ0CEpQJV3yjoOBhk

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b31a

Decoy

enjamin-paaac.buzz

mail-marketing-40950.bond

pusems28-post.cyou

hindo.top

ruck-company-be.today

asinos-deutschland.net

ewancash.boats

etdopovo.casino

rcher-saaac.buzz

871166.vip

manuel.app

g3yqo.shop

-9way.xyz

qawgytfexe.bond

iefi6834.vip

ental-health-35901.bond

idat-merkez18.top

rojectleadzone.website

lirudolph.top

migloballlc.online

Targets

- Target
  
  SecuriteInfo.com.Win32.PWSX-gen.3894.15937.exe
- Size
  
  741KB
- MD5
  
  0bc52d55c4cf2357b2f5a535141c39c4
- SHA1
  
  df115cf05f84f41d1309fb35308f359200209286
- SHA256
  
  df40a36c01c2a67d0343913950f8c79d0937dcb2e29d7fa4d12dba92128efc02
- SHA512
  
  b0a71d513a27b35419110f3dc55c2f4f754c018e47214561152985ad918ff80c681ac94f23fc4f8ae48e4a75a06ceb4543d78e7f2980ae636e523ca13fc12128
- SSDEEP
  
  12288:Z3zjLf30WH0TwOqp0c4yKJ0Gin+LwXZhJ0JxxboCsioM+h5oh8Bhat1hM:Zjj0ywkpLFKJ0CEpQJV3yjoOBhk
Score

10^/10

formbook b31a discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2