formbook

General

Target

LYONSOFTCOOP.V.Envoorden240187fecha02092024.exe
Size

1.0MB
Sample

240903-jlnrgs1elm
MD5

6febb30bdf76d3c49b5dbfbb383c722a
SHA1

80bf8a349e3fcc290bed8b2e371e3f530f09ead4
SHA256

e171a6d388f4cd1e2051d0f29b720c84a52876a3208af1824e9b634c2117b4ee
SHA512

8f4728cf9aa371702934f9225d6c3ed74a0cbb762d22e6914a39a2cec8102a97a26382133b0116b2c9fce8d09ad35de8e61bd7aadad1af0d091a6b980791f4f3
SSDEEP

24576:YAHnh+eWsN3skA4RV1Hom2KXMmHapDXeClYMJLj5:fh+ZkldoPK8YapzpR

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rn94

Decoy

st68v.xyz

conciergenotary.net

qwechaotk.top

rtpdonatoto29.xyz

8ad.xyz

powermove.top

cameras-30514.bond

vanguardcoffee.shop

umoe53fxc1bsujv.buzz

consultoriamax.net

hplxx.com

ndu.wtf

yzh478c.xyz

bigbrown999.site

xiake07.asia

resdai.xyz

the35678.shop

ba6rf.rest

ceo688.com

phimxhot.xyz

Targets

- Target
  
  LYONSOFTCOOP.V.Envoorden240187fecha02092024.exe
- Size
  
  1.0MB
- MD5
  
  6febb30bdf76d3c49b5dbfbb383c722a
- SHA1
  
  80bf8a349e3fcc290bed8b2e371e3f530f09ead4
- SHA256
  
  e171a6d388f4cd1e2051d0f29b720c84a52876a3208af1824e9b634c2117b4ee
- SHA512
  
  8f4728cf9aa371702934f9225d6c3ed74a0cbb762d22e6914a39a2cec8102a97a26382133b0116b2c9fce8d09ad35de8e61bd7aadad1af0d091a6b980791f4f3
- SSDEEP
  
  24576:YAHnh+eWsN3skA4RV1Hom2KXMmHapDXeClYMJLj5:fh+ZkldoPK8YapzpR
Score

10^/10

formbook rn94 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Blocklisted process makes network request

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2