formbook

General

Target

399dc7332538d76c80c9ca2d8f9c98f61f71a8f01e516c8c59163d72bbe5a55f
Size

609KB
Sample

240908-kdygdswbql
MD5

b9197bd78834b2c302f9f7c9a0860f0d
SHA1

d8a6656ee4792598e7c9d4ce8ec02064c908bae1
SHA256

399dc7332538d76c80c9ca2d8f9c98f61f71a8f01e516c8c59163d72bbe5a55f
SHA512

36c67cfff4b410c652462e1c5327d1477a8fb46247478678896b251c79318d806aa63347bb662e24b6a6afcee8a1c7509bff848f5cd2b6fc59d6006e9d61ccb1
SSDEEP

12288:kQvLOoEd4YDvqdFS8vuZSzxEROvRn48O1OwcwEqvKKp:Fji4rE8vDL9TOIwtMKp

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

he2a

Decoy

070001606.xyz

jesuseascriancas.online

as-eltransport.xyz

bankditalia-company.online

linkedin-stijngraat.online

sportsbetd.xyz

spanish-classes-76893.bond

infonation.pro

nxwzbze.forum

rush-pay.biz

fulfillmissions.lat

infolungcancer.xyz

aqario.xyz

omepro.solar

jackmanmueshl.shop

amcart.store

ishanaudichya.xyz

sun4rk.shop

depression-test-74287.bond

chipit.shop

Targets

- Target
  
  TaM7bqgMSWHgB70.exe
- Size
  
  759KB
- MD5
  
  7964a64e6b4d057c5499ee8014065ca9
- SHA1
  
  2d35cd22d3c737deffa70a849b2532a611706bb4
- SHA256
  
  0689efc1f50248e1c54837bb7c19113fd293eb18623147113910df57017fe260
- SHA512
  
  3dc319baeee1fbc73931d56515898bfc9e84d7638185597fc0c71e503700dd664c12b1ce6dd46e8a2ab3e13ac49b7898497bd9067e198296b0f9d1752d832a2a
- SSDEEP
  
  12288:kREG1UoIG5MPUgo7CXeLZfWdmI5uX+KFejLbOPrAfrNuctl:6RUobyemifWdm+uX+FLb2iua
Score

10^/10

formbook he2a discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2