formbook

General

Target

c3bcad079783994c120fac56b70a9c97eb75aa54418c3b68fd1bba0d01455d67
Size

587KB
Sample

240912-fl93yasdne
MD5

2e142bb9c8d38523e0403966efcc4008
SHA1

f52aaa1498b25a75b4d2981dd0172fd34fa13a9e
SHA256

c3bcad079783994c120fac56b70a9c97eb75aa54418c3b68fd1bba0d01455d67
SHA512

3975d236f8da0d3cae3d4f5cbc0e4adcc3411f8b0899aa5aa493356b945421db52efda50ac6fc6b06d6726d16a26ebe4f4095a8020f47a8a0374e92f21c2f46a
SSDEEP

12288:+n5y509+XgDAsxlehZXQ2iP3SN/RSRx/WpBMWJqNj2t3IEPwEGJ8HMlCt:y5M/CBehZAZU/RgApBnwNit3RkJ8HLt

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b31a

Decoy

enjamin-paaac.buzz

mail-marketing-40950.bond

pusems28-post.cyou

hindo.top

ruck-company-be.today

asinos-deutschland.net

ewancash.boats

etdopovo.casino

rcher-saaac.buzz

871166.vip

manuel.app

g3yqo.shop

-9way.xyz

qawgytfexe.bond

iefi6834.vip

ental-health-35901.bond

idat-merkez18.top

rojectleadzone.website

lirudolph.top

migloballlc.online

Targets

- Target
  
  PFmJ9j7Ndg2NERo.exe
- Size
  
  644KB
- MD5
  
  82f8c097337d6303b9b600515237006b
- SHA1
  
  91baaee26748c313f01940a6da9248b05b52187c
- SHA256
  
  3ba65c5187bfaf51f020ce9e3f36fe8b4effd7b91c5f2b1ff46b245580ade156
- SHA512
  
  7da9392c1a6db5ad0728a566fb1cd7cb3aef38a8e496f7d9931e02ce0ea86e8cbc303a402aa4cf10d667e23be3be303fadf3cbe9ad068530c7b71af88e446f04
- SSDEEP
  
  12288:3DzJpZqhzZQ2+P5SNJFS5lWW9jkWsTSuNt0/PIViwt5XHU:PdqhzaTyJFi9j/UN+/Psiw5
Score

10^/10

formbook b31a discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2