formbook | aa6fd7b98643c09c42d65612abe3ade20a8aea8c6f5401651a7334190dedfa4e | Triage

Sharing

General

Target

aa6fd7b98643c09c42d65612abe3ade20a8aea8c6f5401651a7334190dedfa4e
Size

540KB
Sample

240912-kvhghazern
MD5

8d9cfd371d9f3d742bb254d8ce25beb2
SHA1

d39ad4f9456d5ce5d8580cc960ef3b83a0c9d8df
SHA256

aa6fd7b98643c09c42d65612abe3ade20a8aea8c6f5401651a7334190dedfa4e
SHA512

1c046a6fae1bad711844e30b8c4a2aeee17827c4ead1484fba69490f0b920bb5e4f20268f23df58d89f98ebbc4b1ce268c40326ceedd09323b9df3e8844a483c
SSDEEP

12288:aup1t3+a1hufFg4tRhGkdH6WnWaUhvgI5Vs/pgW1ueAjk9/:ao+aSXt/vahakvgwVJe+k9/

Score

10^/10

formbook b31a discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b31a

Decoy

enjamin-paaac.buzz

mail-marketing-40950.bond

pusems28-post.cyou

hindo.top

ruck-company-be.today

asinos-deutschland.net

ewancash.boats

etdopovo.casino

rcher-saaac.buzz

871166.vip

manuel.app

g3yqo.shop

-9way.xyz

qawgytfexe.bond

iefi6834.vip

ental-health-35901.bond

idat-merkez18.top

rojectleadzone.website

lirudolph.top

migloballlc.online

Targets

- Target
  
  Shipping details_PDF.exe
- Size
  
  590KB
- MD5
  
  47e11dbf04815bbb17ec50b63567c366
- SHA1
  
  646233739ff14e0effc948c74489a7a6cb4b9be1
- SHA256
  
  ad81bd316fd64af3a8651803738cb61417dfc5ca76949c50933601f15623abc3
- SHA512
  
  ae3b95714843127bdbb919c8e29a06faa91af35531f4b454d81a5b9fe318b9655a31f429094150bad002272939649b0858683e7b399d1a82e686e3ae1d90ec73
- SSDEEP
  
  12288:i9JSW93wiCBmeFg4ZRVGGdH4GnW8UDnCOO75WZsiSIlYz/XH:jiWB9XZnFYR8onChsCr
Score

10^/10

formbook b31a discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookb31adiscoveryratspywarestealertrojan

behavioral2

formbookb31adiscoveryratspywarestealertrojan