formbook

General

Target

c99c9f29ff7e94a3e83af1ca7872deace5c089b7913781c8d35f8e3134d34da0
Size

531KB
Sample

240915-mjjxasyfqc
MD5

aa332f0f7f34e50237ce5f1010290526
SHA1

b4d1dd9b934617ac619dc6bbd8f7f2976aeba616
SHA256

c99c9f29ff7e94a3e83af1ca7872deace5c089b7913781c8d35f8e3134d34da0
SHA512

eb7671cab16de0028fd09e155cb065c0abe09281004915d1aefddefa5370a99132e8b559275926c0f1f9bac97da4d16ef73bbfc8130c6d391997fdf41ab0ab11
SSDEEP

6144:P8nTTKdtIN4jsb1xiD08lR/NW9c6xYK2h70BkzJyGKVgQ5i5r8ngTXaAqhwLEXCA:0nfKdmNe+xiDwCK27Kbg5Yg7SXzzN

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b31a

Decoy

enjamin-paaac.buzz

mail-marketing-40950.bond

pusems28-post.cyou

hindo.top

ruck-company-be.today

asinos-deutschland.net

ewancash.boats

etdopovo.casino

rcher-saaac.buzz

871166.vip

manuel.app

g3yqo.shop

-9way.xyz

qawgytfexe.bond

iefi6834.vip

ental-health-35901.bond

idat-merkez18.top

rojectleadzone.website

lirudolph.top

migloballlc.online

Targets

- Target
  
  pzUHRx6alP7phBn.exe
- Size
  
  571KB
- MD5
  
  312f45637432b1efec858ed32bdef462
- SHA1
  
  b23e75b94b84b31edaa0793b1228c444254effa2
- SHA256
  
  af4f28ed9e5d8205220c60f42668e6576233f54885c63fcaf43c2315328f45f1
- SHA512
  
  ca43f80d928b567803aa1597469a5fcc8cae580aa1e8a4c26d6ed248eb8e2414b56c11a23452679d60888d5f31344a0eaa7284168c38b3676475235561de7ad3
- SSDEEP
  
  6144:ohYWUks3Gmjob1xiDu8lJ/NY9m6xYcqhB01kDryaKngqBi+/baDlXuS+hwtTuKS6:6cSxiDUQcqTKtBF/kN2mflW+X0cV
Score

10^/10

formbook b31a discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2