formbook

General

Target

Receipt PDF.rar
Size

547KB
Sample

240917-mqfhfsydrm
MD5

68ecb524324866ea580d97005258a458
SHA1

33c2e06037f562f4b59f7a605d7289b82f324bc0
SHA256

24c86f8db82fd871cd4d79e85c6264e28869f04d9f74fc24a3d441bfda3cbd60
SHA512

13c52ad2165f0c1732292b9e1597b890eac30120b42b8b57a4d39d653b07aeaeda5cdd60ecb46d0f31139cb8b8d679a473966e8ceadee1a63739cdfdfa40a61e
SSDEEP

12288:UHjHHFayBnehjXxhTLx+D9fP92KWq4Ouo2vy0xf3BxSr9guFY1PekbcX6:kjHHFRUhrTLxkP9bWqBj2/fxxruqf

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

he2a

Decoy

070001606.xyz

jesuseascriancas.online

as-eltransport.xyz

bankditalia-company.online

linkedin-stijngraat.online

sportsbetd.xyz

spanish-classes-76893.bond

infonation.pro

nxwzbze.forum

rush-pay.biz

fulfillmissions.lat

infolungcancer.xyz

aqario.xyz

omepro.solar

jackmanmueshl.shop

amcart.store

ishanaudichya.xyz

sun4rk.shop

depression-test-74287.bond

chipit.shop

Targets

- Target
  
  Receipt PDF.exe
- Size
  
  641KB
- MD5
  
  6a0dc9f764c4e326faf105082b1220eb
- SHA1
  
  5fb78d7780bfdeafc61dc897156205683cda46dc
- SHA256
  
  73699fb799b654f0e3e4650a7dde83bc89ae755194fe36fd4b8a62eb6b2569c3
- SHA512
  
  2bd8c8c9a0f2d10e0846a896b8c0898d41b5ba0ed6f2f3096881ab67e65abcf27a8ab93ddf61242de532d3451b488669b89b3e7aeca3bed6c1d5813d21aad0c7
- SSDEEP
  
  12288:aDhc0KfYWrTlsvX46akIza5jnlrBIBKJBbYdPIqPpzXCcE:aDYf3KvX44Iza5jlrSKJ1YrpDX
Score

10^/10

formbook he2a discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2