formbook

General

Target

t5ueYgHiHnIdeNe.exe
Size

684KB
Sample

240909-mtd4sstdqk
MD5

a2d4be5c186159147645f2ff6ee1f690
SHA1

1799cfb6c5ca5224d72d7f1696ad36c2624fd057
SHA256

9f67248a754e414ffb2361932c591abe39581b21a20d51ccb46db5e534a9531c
SHA512

29b5307b7d05827b6c6bb8489357d6abbd8e293dd56a6f6a65d2af59111fbb9e0aa2a786ce0690b5eea6c025e3e78523c5cc7a193cf23dfb4f95863a94aa44b0
SSDEEP

12288:mdODvVloha83lbhzRbIniLawF+poiDsv6z6ViEqtwsdf9i72l4:XyhaUlVzRlqpEv6z6ViZm0fkE4

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

he2a

Decoy

070001606.xyz

jesuseascriancas.online

as-eltransport.xyz

bankditalia-company.online

linkedin-stijngraat.online

sportsbetd.xyz

spanish-classes-76893.bond

infonation.pro

nxwzbze.forum

rush-pay.biz

fulfillmissions.lat

infolungcancer.xyz

aqario.xyz

omepro.solar

jackmanmueshl.shop

amcart.store

ishanaudichya.xyz

sun4rk.shop

depression-test-74287.bond

chipit.shop

Targets

- Target
  
  t5ueYgHiHnIdeNe.exe
- Size
  
  684KB
- MD5
  
  a2d4be5c186159147645f2ff6ee1f690
- SHA1
  
  1799cfb6c5ca5224d72d7f1696ad36c2624fd057
- SHA256
  
  9f67248a754e414ffb2361932c591abe39581b21a20d51ccb46db5e534a9531c
- SHA512
  
  29b5307b7d05827b6c6bb8489357d6abbd8e293dd56a6f6a65d2af59111fbb9e0aa2a786ce0690b5eea6c025e3e78523c5cc7a193cf23dfb4f95863a94aa44b0
- SSDEEP
  
  12288:mdODvVloha83lbhzRbIniLawF+poiDsv6z6ViEqtwsdf9i72l4:XyhaUlVzRlqpEv6z6ViZm0fkE4
Score

10^/10

formbook he2a discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2