formbook

General

Target

06092024_1405_04092024_ORDEN_04.09.2024 DON LAFFAN.pdf.uue
Size

578KB
Sample

240906-rdtxja1cpg
MD5

050f800f01ce5f9759b576d6c6c3358a
SHA1

07ca458075fb8cf53706db168e87f1e67b63758a
SHA256

186e62cd26852abfd4a761c6a5118cd32d1fedd4ff52d7085feca0ff48c4cb84
SHA512

7cdc6e8f9ea142c25f03a43229a9684a08f5f75f4ed92e7a36e4fb5dc834306e62da4b10ce638e4071152a3de1859913b106f913a6245c8b780c26f63c5e1d8a
SSDEEP

12288:l250MUQXB5yrhI/2QyeJwV68VoEckH1TRo3KSLX08SDbfd5qyLTHFd:l25/UwB5Og2Qxww8SX0TRARE8ob15qyn

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rn94

Decoy

st68v.xyz

conciergenotary.net

qwechaotk.top

rtpdonatoto29.xyz

8ad.xyz

powermove.top

cameras-30514.bond

vanguardcoffee.shop

umoe53fxc1bsujv.buzz

consultoriamax.net

hplxx.com

ndu.wtf

yzh478c.xyz

bigbrown999.site

xiake07.asia

resdai.xyz

the35678.shop

ba6rf.rest

ceo688.com

phimxhot.xyz

Targets

- Target
  
  ORDEN_04.09.2024 DON LAFFAN.pdf.exe
- Size
  
  1.2MB
- MD5
  
  4fe114deb063606d6786cc3d0390174f
- SHA1
  
  7dd471d40977da29e0d1b00394ef82cbe33766d2
- SHA256
  
  0d7511007c8c1e3b7dacf41792a9307b71504c33bdcfa78367384475e2fa7cb3
- SHA512
  
  68e1267e48bb55bfcaeabca144c2fc43d21173359157b31359db49ddf3144d97f1ddbca442f4e5af9c984c6641d7e18014604a69b29ee6f7378184bb2d3aa95c
- SSDEEP
  
  24576:LAHnh+eWsN3skA4RV1Hom2KXMmHajnpfF2WIB6Eluhh5:mh+ZkldoPK8YajnlcB6V
Score

10^/10

formbook rn94 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Drops startup file

Executes dropped EXE

Loads dropped DLL

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2