formbook

General

Target

pzUHRx6alP7phBn.exe
Size

571KB
Sample

240917-n191gs1era
MD5

312f45637432b1efec858ed32bdef462
SHA1

b23e75b94b84b31edaa0793b1228c444254effa2
SHA256

af4f28ed9e5d8205220c60f42668e6576233f54885c63fcaf43c2315328f45f1
SHA512

ca43f80d928b567803aa1597469a5fcc8cae580aa1e8a4c26d6ed248eb8e2414b56c11a23452679d60888d5f31344a0eaa7284168c38b3676475235561de7ad3
SSDEEP

6144:ohYWUks3Gmjob1xiDu8lJ/NY9m6xYcqhB01kDryaKngqBi+/baDlXuS+hwtTuKS6:6cSxiDUQcqTKtBF/kN2mflW+X0cV

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b31a

Decoy

enjamin-paaac.buzz

mail-marketing-40950.bond

pusems28-post.cyou

hindo.top

ruck-company-be.today

asinos-deutschland.net

ewancash.boats

etdopovo.casino

rcher-saaac.buzz

871166.vip

manuel.app

g3yqo.shop

-9way.xyz

qawgytfexe.bond

iefi6834.vip

ental-health-35901.bond

idat-merkez18.top

rojectleadzone.website

lirudolph.top

migloballlc.online

Targets

- Target
  
  pzUHRx6alP7phBn.exe
- Size
  
  571KB
- MD5
  
  312f45637432b1efec858ed32bdef462
- SHA1
  
  b23e75b94b84b31edaa0793b1228c444254effa2
- SHA256
  
  af4f28ed9e5d8205220c60f42668e6576233f54885c63fcaf43c2315328f45f1
- SHA512
  
  ca43f80d928b567803aa1597469a5fcc8cae580aa1e8a4c26d6ed248eb8e2414b56c11a23452679d60888d5f31344a0eaa7284168c38b3676475235561de7ad3
- SSDEEP
  
  6144:ohYWUks3Gmjob1xiDu8lJ/NY9m6xYcqhB01kDryaKngqBi+/baDlXuS+hwtTuKS6:6cSxiDUQcqTKtBF/kN2mflW+X0cV
Score

10^/10

formbook b31a discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2