formbook

General

Target

51e821e5dd5bfdbfe93ef02b2d5994ef0502a7f649369220b8734820d9478416
Size

558KB
Sample

240909-x7p4bswbjp
MD5

a0fc2695280f2056eaef5f96016e91b7
SHA1

81adde2e5aacd7241ca18eb8c3b94930c0a58666
SHA256

51e821e5dd5bfdbfe93ef02b2d5994ef0502a7f649369220b8734820d9478416
SHA512

f6c03d16038a0dadf8bd34a71266d66672d9d03225ba66383936345a11909ec478e171f55d0d87b7761d5d70c633f596d7d12ac626db4dc9eceaf93c0c38b766
SSDEEP

12288:6QNTrLUhLeay9JUWIem7pJJ5ux1oLwW06yzRqSE7Oc/SbPuQA:tTrwpeamIz7pJJ5QoLwW0xGr/wuZ

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

he2a

Decoy

070001606.xyz

jesuseascriancas.online

as-eltransport.xyz

bankditalia-company.online

linkedin-stijngraat.online

sportsbetd.xyz

spanish-classes-76893.bond

infonation.pro

nxwzbze.forum

rush-pay.biz

fulfillmissions.lat

infolungcancer.xyz

aqario.xyz

omepro.solar

jackmanmueshl.shop

amcart.store

ishanaudichya.xyz

sun4rk.shop

depression-test-74287.bond

chipit.shop

Targets

- Target
  
  t5ueYgHiHnIdeNe.exe
- Size
  
  684KB
- MD5
  
  a2d4be5c186159147645f2ff6ee1f690
- SHA1
  
  1799cfb6c5ca5224d72d7f1696ad36c2624fd057
- SHA256
  
  9f67248a754e414ffb2361932c591abe39581b21a20d51ccb46db5e534a9531c
- SHA512
  
  29b5307b7d05827b6c6bb8489357d6abbd8e293dd56a6f6a65d2af59111fbb9e0aa2a786ce0690b5eea6c025e3e78523c5cc7a193cf23dfb4f95863a94aa44b0
- SSDEEP
  
  12288:mdODvVloha83lbhzRbIniLawF+poiDsv6z6ViEqtwsdf9i72l4:XyhaUlVzRlqpEv6z6ViZm0fkE4
Score

10^/10

formbook he2a discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2