formbook

General

Target

c238c87da66a473e332d47a34188110996e1c031b92305ce7c5360a599ac77a6
Size

831KB
Sample

240917-rzgt4aybje
MD5

c5daa8a679569112ff30ffe5c70643e2
SHA1

04756c7e1ae3e96bca08fed1228cde4d817460fd
SHA256

c238c87da66a473e332d47a34188110996e1c031b92305ce7c5360a599ac77a6
SHA512

08ded0877e8fadb3d2fccd67372082e71bec5dab2db838c5085cb3243c723e821ab9954f6583b08f4f65d7b20fbc40ef08eb96a9afd2968c9cd3194dc47f8f46
SSDEEP

24576:KzFh6Ax5KkdYBl80JumYDO62qWHrTlZ07zJd7:qFh6MKkWnJumIOl/Tc7zJF

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c24t

Decoy

ealthbridgeccs.online

ngelicais.art

uktuksu1.sbs

fapoker.asia

hecreature.tech

orenzoplaybest14.xyz

op-smartphones-deal.today

delark.click

7395.asia

otnews.cfd

j16e.xyz

oko.events

fscxb.top

roudtxliberals.vote

asas-br.bond

ourhealthyourlife.shop

fbpd.top

j9u9.xyz

uijiuw.top

aming-chair-37588.bond

Targets

- Target
  
  1105-12-24-3077-103-AUX ENGINE.exe
- Size
  
  1.1MB
- MD5
  
  2b7603ed4cda1e3f4a32e8b095d8b7a9
- SHA1
  
  4486a0bd55eb84fbad4f87cd2e1e24d72d5a8a2d
- SHA256
  
  4b82d5c42d137fa8eb1b6e835b24c1ff0d58ca98fffe8616d0391c1f71dbec64
- SHA512
  
  7f7c9d1b622db2bd6927d3f21fcde9f08ca1f100a297b3288a5b5eedc297a0d429f9ca7ffdbed2bf0af4c9774f10e1536c91f96d644848a8ecba7e64e5aa4f78
- SSDEEP
  
  24576:uRmJkcoQricOIQxiZY1iaCzquOApO6cqWdrzlfWRzFzR:7JZoQrbTFZY1iaCWuO0O5RzwRzFV
Score

10^/10

formbook c24t discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2