formbook

General

Target

fbf4759a1be9b3f3a79ea76445343516a5eadc79281fe681aa0e3e3edcfecb59
Size

760KB
Sample

240910-btqxtasamb
MD5

56aa2ce5c72b01545152c8e6f33ea955
SHA1

ebbd067f5bb746d78703211f1a7a62e0c9de190d
SHA256

fbf4759a1be9b3f3a79ea76445343516a5eadc79281fe681aa0e3e3edcfecb59
SHA512

1855fc21e6a0c0d12f2efdb1fd333c903ad655f083bb5b21ba313f86c342f8cfe2eb9a0d66531932685874840ee0dba20085e5420ef91c506aaf4a7bbb01c65e
SSDEEP

12288:mnXhGxxDtzXE9/mGW2B5LUTAH0lYq/Ll6q9mpRXVW8h4nkVJQUe/4YepR/9Vt+nY:mnIjD21WmLHyYmcg8AkrQXAYySn109NB

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ot96

Decoy

yclingbear.studio

sxuio.xyz

eon-official-bk-o57v.buzz

teel.management

rusjitu.sbs

ighwald-holdings.info

ummitfinancal.vip

layvalleyconstruction.online

pp-games-efficsecuspon.xyz

ouh.shop

mgltd.services

gshsjwhgsg.fun

eidotijolo.online

yifg.sbs

nline-gaming-ox-mx.xyz

ux-money.info

inergiputraborneo.dev

panish-classes-67016.bond

reightrading.info

23bet.xyz

Targets

- Target
  
  DRAWING SINCOAUTOMATIOM86757786Ref6777POSINCOAUTOMATIOM86757786Ref6777.exe
- Size
  
  1.2MB
- MD5
  
  1876c101ef20d1d02f23014425ac06e1
- SHA1
  
  28abc61712aa81fe8f0838f1588cbd556d923e89
- SHA256
  
  1f4b2861d0fcd9241dfd17b5ae99741e712f0297ca5fb4f3858340ce3cbb91d0
- SHA512
  
  87e7838b5ef65a0c84c40e6d881f44a8af2a43354a1b7a9d301a3180ac2df77cfc4aac04aa4042e187959373b2c95d9ae62570a6c6e29bc982bfd5a5cb67398b
- SSDEEP
  
  24576:GqDEvCTbMWu7rQYlBQcBiT6rprG8an98M8HQXeYeun1033:GTvC/MTQYxsWR7an98M8wXi6
Score

10^/10

formbook ot96 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2