formbook

General

Target

f4366c4289cb957c9b488392ad24b2192c1c905f275bcdb1ca2f9fca37f4e4e8
Size

707KB
Sample

240917-m3xbqsyhre
MD5

5df9043e538693e2a834d6eb20ba32f8
SHA1

c394dbbb990aba0790ad366df7c4a03afbfc4c34
SHA256

f4366c4289cb957c9b488392ad24b2192c1c905f275bcdb1ca2f9fca37f4e4e8
SHA512

f54a62e8081c28790dc769c3a82e4e70c1fb6388896f67e169570c072737c82745c4e7aab129b02f9ee6a0cef390f0765549a7e1f4c57e19a9f9ac7ac3f1942a
SSDEEP

12288:ftU0wFQtr2hf4pz2McEwW+7D8Xq1q5s3j0gMiwVjJ:ftUNuw9e2MQn3j0FHBJ

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g65s

Decoy

uel-fleet-cards-29924.bond

axmz.digital

nnovationmarble.net

beldgfhcbcdry23164dfvc.yachts

risula888x.top

nvestment-services-84967.bond

hviugld.shop

edona-train-tours-us.today

ada.design

ibrarybeauty.online

eminipros.top

r-outsourcing-20490.bond

7mfx.bond

drwviol.xyz

opfilmestorrents.net

ai-saaaa.buzz

eanfreau.net

ighwaldholding.biz

angwood-roleplay.online

ucinghoki.fun

Targets

- Target
  
  ADOC WCMM-2401356 SLEEVE PACKING, ENERGIZER (RFQ.NO. PI-UT-2401253).exe
- Size
  
  1.1MB
- MD5
  
  3b40b771bf49996b4b35e06da9605fc5
- SHA1
  
  97a482e2dd4f1f72455062d8676575692def61df
- SHA256
  
  5e5e27104528c8102ae9df4a4b846144c898e2b742c7be1e425f2f741ed8d38c
- SHA512
  
  91330f8418fad0355919bf4b64c8b4335d19e4a1948adb01b8824760c8f5c56be5cc533294a5d742c22992e44ec6fa4bbb2bea363e06b375d2ff464de592c839
- SSDEEP
  
  24576:oAHnh+eWsN3skA4RV1Hom2KXMmHakAeddnj0bdae5:vh+ZkldoPK8YakAosv
Score

10^/10

formbook g65s discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2