formbook

General

Target

8e3182d757bc0bf0c8621baeef4e8c36fa410f5810c765fe4cb077edbdd9f43a
Size

828KB
Sample

240917-stggta1amm
MD5

7d2bb31b33102db6e26f2038a38a19a3
SHA1

2af5ee6a438bd90e2d9e7f34343dfd8f19c14c82
SHA256

8e3182d757bc0bf0c8621baeef4e8c36fa410f5810c765fe4cb077edbdd9f43a
SHA512

9aa3a4d4a5ffa6c312fc39646fdb161095d48ccd7529c195cc174d75c457289a2f6837c4bcffeb3072d845639c99ec66c44c3795bb24ff897b431dc600f75a0f
SSDEEP

24576:3cJEB5LjqrivHp8BFlEZjLPwMkQALUejUrZ1mfu/mt:3cw5LOOC0ZjLIMkDxULmfu/mt

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c24t

Decoy

ealthbridgeccs.online

ngelicais.art

uktuksu1.sbs

fapoker.asia

hecreature.tech

orenzoplaybest14.xyz

op-smartphones-deal.today

delark.click

7395.asia

otnews.cfd

j16e.xyz

oko.events

fscxb.top

roudtxliberals.vote

asas-br.bond

ourhealthyourlife.shop

fbpd.top

j9u9.xyz

uijiuw.top

aming-chair-37588.bond

Targets

- Target
  
  Enquiry.exe
- Size
  
  1.1MB
- MD5
  
  b0ef6712d51b09cebdb50d6ca2f1f906
- SHA1
  
  2cf014ea0e857d0665e5c4969f5b997c1750737e
- SHA256
  
  48c36aaa98d96dfef34731302ab42e3b1fb5450af4f032ae68500eba9440555b
- SHA512
  
  04e0273aae2d9d1a7313942867d656a214b96c495575e9ad0ce6090cd8ecd05c2165fd4b42b54b7135f83fcc8594e3c537eb68cd3e4c643db35c3fa6dfff108b
- SSDEEP
  
  24576:dRmJkcoQricOIQxiZY1iadvFzj9veM6Q6xCCjArrlmbuUmf:SJZoQrbTFZY1iadNzj9GM6X/A1mbuUmf
Score

10^/10

formbook c24t discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2