formbook

General

Target

7ac762996cb380e79c8e0f47c6b60807b36bab8e69cd1066923970ac0f84a856
Size

628KB
Sample

240906-gyryka1bkd
MD5

ebf64349f14145790b8115fd480c85e2
SHA1

05817103b93d8d4f6b447a5ff1e87269e98c3477
SHA256

7ac762996cb380e79c8e0f47c6b60807b36bab8e69cd1066923970ac0f84a856
SHA512

da6b6b784cd36f4f3a9e22d4e8fb4e86f4cb95a0da15c6462618d9afd54ee6e2dab7dac4f9ae8171c64cf5a8536cc5eab419739eb9babf0caed04cc11903bc5a
SSDEEP

12288:BW69wt1Ng3Ubco+MFDw7yp/bhDrH3Sk3rP9+xGHwfsM0F7ztvz:BWnt1Ng3Ud6yBIk3R+N0Mwzdz

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b31a

Decoy

enjamin-paaac.buzz

mail-marketing-40950.bond

pusems28-post.cyou

hindo.top

ruck-company-be.today

asinos-deutschland.net

ewancash.boats

etdopovo.casino

rcher-saaac.buzz

871166.vip

manuel.app

g3yqo.shop

-9way.xyz

qawgytfexe.bond

iefi6834.vip

ental-health-35901.bond

idat-merkez18.top

rojectleadzone.website

lirudolph.top

migloballlc.online

Targets

- Target
  
  s5BoOx01cFwsJjj.exe
- Size
  
  710KB
- MD5
  
  bd662a24f6fa0baf3dc0ebbbbcff95f3
- SHA1
  
  0884f3b80326d9e0a2938b5614bb14c8257c680b
- SHA256
  
  86d99c72901376e045ed7c2972dfc6a211c911f3771ca67dfc08084c3b42861b
- SHA512
  
  2737e41471b7b0660d7326740faf7e0e81daf1507066de5080db62ff81a63cc68c04ca659976514f1089557976dea158a95a552daa7b61936cc835302d21b2e1
- SSDEEP
  
  12288:hPPDMPeu8yYWewt1l6Fk/Qi+obTM9Evrbh3nD3skFx/1kRGDwTMM2FvrFbs:VL835t1l6FktOEDqkFrkLQM0r
Score

10^/10

formbook b31a discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2