formbook

General

Target

2.exe
Size

185KB
Sample

240906-y6737awdpr
MD5

cb90c75f8cbbbcc3f74ee22288c800a1
SHA1

1c84ad88465e6eb1b91dfaf099bf2697e44ccc0d
SHA256

b3d45d85cba27f6900215868e9e6e9a97fb95648a42396305cd8bcb50c8e80d0
SHA512

22e8fd5f34e92ffb92e362efdc3866c9bfab68a5f6f463f64ae4f16876722dd4595e0cff34f970dd87140859b58e6acdb20c8b82f27ed42bbf7cc80f46e7a314
SSDEEP

3072:8MHDFaMPRIjxWcy4C9y30XclW6Qilinp0fJ4XNZkAC581h/dgHG0uD1X4/qZa:e7UL4Co3js6QilinA4XN+zKh/uG0u5XC

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

l26n

Decoy

vtxapg.bond

iscussatthetable.net

q5b2.vip

urculturalbuzz.buzz

0xfulisuo.xyz

iz-kyc.online

atladies4kamala.vote

aison-maison.xyz

codom73.online

aosecurity.online

szxart.xyz

ergecast.net

ealker.pro

hickensforkfc.net

ldoradocasino-uee.top

afiqgroup.net

ercania.net

sdc.ngo

raphic-design-degree-37012.bond

888yl123.vip

Targets

- Target
  
  2.exe
- Size
  
  185KB
- MD5
  
  cb90c75f8cbbbcc3f74ee22288c800a1
- SHA1
  
  1c84ad88465e6eb1b91dfaf099bf2697e44ccc0d
- SHA256
  
  b3d45d85cba27f6900215868e9e6e9a97fb95648a42396305cd8bcb50c8e80d0
- SHA512
  
  22e8fd5f34e92ffb92e362efdc3866c9bfab68a5f6f463f64ae4f16876722dd4595e0cff34f970dd87140859b58e6acdb20c8b82f27ed42bbf7cc80f46e7a314
- SSDEEP
  
  3072:8MHDFaMPRIjxWcy4C9y30XclW6Qilinp0fJ4XNZkAC581h/dgHG0uD1X4/qZa:e7UL4Co3js6QilinA4XN+zKh/uG0u5XC
Score

10^/10

formbook l26n discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2