formbook

General

Target

0318fac012cb6517f70ca7ff5553cf59faba507b0f65936350c5450de62a2adf
Size

578KB
Sample

240911-edm3rssarf
MD5

6787c9bfb9384ba53ef4c8aa4218ab0f
SHA1

0f7972df7f38c470742a66822e4e0549e4a82caa
SHA256

0318fac012cb6517f70ca7ff5553cf59faba507b0f65936350c5450de62a2adf
SHA512

3c7c3f07acb170a46a84022b58a01e8ba1af59fc4f557e162bcac1b63082009b1e0f18baf7c3dea296308f2e1441d3da8facea96dab793bf7a8f30a550823e8a
SSDEEP

12288:Lcfkm+bi2nXp+VjfG8HNrMiuhT4327UBl0WYdUD/H1sgF0K3:LxZ+Vju55T4G410g

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b31a

Decoy

enjamin-paaac.buzz

mail-marketing-40950.bond

pusems28-post.cyou

hindo.top

ruck-company-be.today

asinos-deutschland.net

ewancash.boats

etdopovo.casino

rcher-saaac.buzz

871166.vip

manuel.app

g3yqo.shop

-9way.xyz

qawgytfexe.bond

iefi6834.vip

ental-health-35901.bond

idat-merkez18.top

rojectleadzone.website

lirudolph.top

migloballlc.online

Targets

- Target
  
  LVThgpHFRmrdHY0.exe
- Size
  
  611KB
- MD5
  
  509cdfecf3cf6fe8d3def69f6c64e9de
- SHA1
  
  d2b20716d3b7601506fb31551d5f235a117d4277
- SHA256
  
  c601518d243a95bd69059eee0bd30095ecd0bc33f2ffce671b695145429913b1
- SHA512
  
  c93a06b7df80ac9896bf40bacce1d64036a4d5ace3ef94fb456c4f5c7df98fecb8bfde421bb95c2e2f57552ce5349d6f243f5e521dfffe7374ebb47dddc5f233
- SSDEEP
  
  12288:YP7kvDoQ7+M+fjf+oH3bMyuhVAJ2LsBwaUJ/H1S0DM:YPonR+fj2bpVA4B+0I
Score

10^/10

formbook b31a discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2