formbook

General

Target

16092024091216092024RFQREFJTCAJCQINHP5TISL0009ALDHAFRAALJABERSUPPLY.zip
Size

934KB
Sample

240916-ma3ytasclj
MD5

3f8bdebacbb560b2a43895b9f2450f47
SHA1

3677b368af393ba2a2deaf49dc6182bde0c4e769
SHA256

7c3d71786ef85ec70f27b53e7bdd98f202398a77d52399d49135cf5e187a3dab
SHA512

b3c06a9d290cb593dfbec09cb2dabb38f444177bdd1ffb146bb948327a5cb116e4e1a62b705ee8a7f699d1ad7976a3d3e19edf482c991a9c010898514147d357
SSDEEP

24576:39ku+84jWVcYVvoqY2kiUlWHyM/bfUfOccxNlIcthLO6Tf+K74:39kuhq69VBY2ssLQfMycLOy2K74

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bs26

Decoy

bhkflatforsale.today

89486.cyou

asstortlawsuit-26.today

935fkg.top

lanetaryadventure.website

5-77.xyz

yankosensei.top

esasi.boats

ortasmundial.online

gfo.net

mhgriu.xyz

440.top

52zh366hq.bond

arage-door-tab.fun

heriffburns.info

ndogamingslot.club

lrinstlusa.today

ssdefdhet.fun

dbg.net

ome-remodeling-82737.bond

Targets

- Target
  
  RFQ REF-JTCAJC-QINHP5-TIS-L0009- (AL DHAFRA) AL JABER - SUPPLY.exe
- Size
  
  959KB
- MD5
  
  a4be50bb39110e49c1d2fc87ccc12f56
- SHA1
  
  ffc4874f95b0c774ad54988350128eadfaeebc23
- SHA256
  
  b967a8b7765a762514d4b8d172fabb655af83d7279fd15cd513e217675ce96a9
- SHA512
  
  241476b5ab26dc7a8673daca8cb6b76b46b9e87092e09e7db643368b8514d439e1bf502a42b9f6b082ce2fc92c3ca2141bd34e8068bc77820c06d4892242f575
- SSDEEP
  
  24576:hiUmSB/o5d1ubcvLiUlytyo/bfUbycmjNlscnVDO8TR+KDV:h/mU/ohubcvhMXQb6kcROgIKD
Score

10^/10

formbook bs26 discovery rat spyware stealer trojan upx
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Drops startup file

Executes dropped EXE

Loads dropped DLL

UPX packed file

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2