formbook

General

Target

02fea259c2c89804f3847b05591768235e18208a7ee86a7f9b8da25d808122de
Size

546KB
Sample

240911-kwx9casapm
MD5

27decac2c2376a9a388116deac36df14
SHA1

6dc4066667562ae3e40c12394ba9a20fceb7c232
SHA256

02fea259c2c89804f3847b05591768235e18208a7ee86a7f9b8da25d808122de
SHA512

7953a7bc6f357d214b53399e7bb8617cfc880ab8e3610a583e996fc8df36092806e8cddb1579c2d3f265d7d3108ca5f7366c3d437ac515a2aa883712ba905348
SSDEEP

12288:WK/+QZhyLWUWPvsKPdkO0FcH5K4kmKOjABdWwBx2w94nsgOEu:WKRZMajnvpk0IkHns5

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b31a

Decoy

enjamin-paaac.buzz

mail-marketing-40950.bond

pusems28-post.cyou

hindo.top

ruck-company-be.today

asinos-deutschland.net

ewancash.boats

etdopovo.casino

rcher-saaac.buzz

871166.vip

manuel.app

g3yqo.shop

-9way.xyz

qawgytfexe.bond

iefi6834.vip

ental-health-35901.bond

idat-merkez18.top

rojectleadzone.website

lirudolph.top

migloballlc.online

Targets

- Target
  
  sRdjnXWxDaXi9aM.exe
- Size
  
  570KB
- MD5
  
  f4347ab1a21a8d5bb89536d4a0dc74c1
- SHA1
  
  13eda0794dce375300168f1c25141afe696cac44
- SHA256
  
  c66ab9498121b281c66643a069b22ef3f5d8eee36b9f36ce627eb91f09111d11
- SHA512
  
  d6cfd2276a6d8d4abf6e309093fa4f9d14cc4c8d675e711ec40e1f558da1fece67875f91bf720ca9a15d10d8659969c372d2822cdfd6fd82b8746b54d4c25fb8
- SSDEEP
  
  12288:2m7kvkyLcUWt96d/We0LyHvo4mmAA7c/H3r0jxqYZMWx8pbUiQJAiif:2moxwjL6tmIqrIcYt6e3Pif
Score

10^/10

formbook b31a discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2