formbook

General

Target

2decfbf08f426be7ac5e3b7f9d15b487c1b37232e9aa194ae332a992243bec4f.exe
Size

1.1MB
Sample

240906-bgx6csxfpk
MD5

1a34b1af5509c7b01d9fdc36fbef6464
SHA1

e92acfbb76d82da1cd49fb7ee525d67c0582153e
SHA256

2decfbf08f426be7ac5e3b7f9d15b487c1b37232e9aa194ae332a992243bec4f
SHA512

f52f8300acfa03c2b8a9c7dbbc70d3671a1f83023fcba1eeee835b9b297a1516364be37d28d816fccd50a61af64461e4581d8558f3100635ef7c96c1e7226a84
SSDEEP

24576:xqDEvCTbMWu7rQYlBQcBiT6rprG8aC2FQpv62aEe86BY5qid5:xTvC/MTQYxsWR7aC2qpvw8

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m50k

Decoy

6353.club

qahzjgvuto.bond

airtransplantprice001.shop

enjamin-paaaa.buzz

ealthcare-softwares-my-de.xyz

aeempreendora.online

eaworld.website

ental-implants-spain-99823.bond

inanzcheckup.online

inematography-course-96303.bond

6325.club

wygbv.vip

onceng77gacor.xyz

arehouse-inventory-71481.bond

axihochheim.net

afeteraschile.today

gcq712.top

eonbets-zerkalo-vkhod-wout.buzz

mpathwaycounseling.net

b-0107.xyz

Targets

- Target
  
  2decfbf08f426be7ac5e3b7f9d15b487c1b37232e9aa194ae332a992243bec4f.exe
- Size
  
  1.1MB
- MD5
  
  1a34b1af5509c7b01d9fdc36fbef6464
- SHA1
  
  e92acfbb76d82da1cd49fb7ee525d67c0582153e
- SHA256
  
  2decfbf08f426be7ac5e3b7f9d15b487c1b37232e9aa194ae332a992243bec4f
- SHA512
  
  f52f8300acfa03c2b8a9c7dbbc70d3671a1f83023fcba1eeee835b9b297a1516364be37d28d816fccd50a61af64461e4581d8558f3100635ef7c96c1e7226a84
- SSDEEP
  
  24576:xqDEvCTbMWu7rQYlBQcBiT6rprG8aC2FQpv62aEe86BY5qid5:xTvC/MTQYxsWR7aC2qpvw8
Score

10^/10

formbook m50k discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2