formbook

General

Target

fc0811ee2baf6763e128641ee0499160N.exe
Size

726KB
Sample

240905-25w63stcnr
MD5

fc0811ee2baf6763e128641ee0499160
SHA1

40f7134e7ea292bd068145155796b396c8537af4
SHA256

4a43e11ef89937899b693503f07525735c54e122053b9a9384a55df403c930af
SHA512

594292b3d0665fc340981f59b0d8c9621d1eaba9ae5b06d8c6a1d85dde940ea2f15aeca3adbbcb33656caedf1d35e78d38e7c852b64e30ab672c2424836ebc85
SSDEEP

12288:zUpOJEqPeu6bYTReSqs9dzQl3BkobD/gZ0z:YpaEqPeu0GRks7SBzbDG0

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ucze

Decoy

motorcyclemagician.com

powerreport.xyz

ychfgdne.icu

presentschein.com

seabreathing.com

stlukeyouth.com

ifixconstruction.repair

thietbikhaithacdatuanphat.com

hexdeville.com

xn--planungsbro-stanko-u6b.net

elisebruneau.com

yxflwwbvz.icu

wafirainteriors.com

hexok.com

krewedubethkevin.com

lassilacgi.com

bestvolvowebsite.com

clarissajaneen.com

foreverchemicallawsuit.com

ebizkendra.com

Targets

- Target
  
  fc0811ee2baf6763e128641ee0499160N.exe
- Size
  
  726KB
- MD5
  
  fc0811ee2baf6763e128641ee0499160
- SHA1
  
  40f7134e7ea292bd068145155796b396c8537af4
- SHA256
  
  4a43e11ef89937899b693503f07525735c54e122053b9a9384a55df403c930af
- SHA512
  
  594292b3d0665fc340981f59b0d8c9621d1eaba9ae5b06d8c6a1d85dde940ea2f15aeca3adbbcb33656caedf1d35e78d38e7c852b64e30ab672c2424836ebc85
- SSDEEP
  
  12288:zUpOJEqPeu6bYTReSqs9dzQl3BkobD/gZ0z:YpaEqPeu0GRks7SBzbDG0
Score

10^/10

formbook ucze discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2