formbook

General

Target

20240929162138.exe
Size

1.1MB
Sample

240919-sq8f5avgqd
MD5

98e9de2d6078c01e65d3f41ab1edb255
SHA1

b48af26ed35457a945ea8283b5ac3e53d626a26e
SHA256

3c321f4c7feb1233711409ad1fc9371732c24a302d3e5b9cd5e238ab1a638288
SHA512

99c003bdcd15576f4a686d4a945b2993f426ff95858409cf3afdf005a0e39850cd1db955445ec8a2ba394bfdde0b3a9682161edf6fb68752db815f473903d8d0
SSDEEP

24576:uRmJkcoQricOIQxiZY1iaCc3cPGY9obOhDzA1iu/RZxUkx:7JZoQrbTFZY1iaCkzbOhuNRZqkx

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c24t

Decoy

ealthbridgeccs.online

ngelicais.art

uktuksu1.sbs

fapoker.asia

hecreature.tech

orenzoplaybest14.xyz

op-smartphones-deal.today

delark.click

7395.asia

otnews.cfd

j16e.xyz

oko.events

fscxb.top

roudtxliberals.vote

asas-br.bond

ourhealthyourlife.shop

fbpd.top

j9u9.xyz

uijiuw.top

aming-chair-37588.bond

Targets

- Target
  
  20240929162138.exe
- Size
  
  1.1MB
- MD5
  
  98e9de2d6078c01e65d3f41ab1edb255
- SHA1
  
  b48af26ed35457a945ea8283b5ac3e53d626a26e
- SHA256
  
  3c321f4c7feb1233711409ad1fc9371732c24a302d3e5b9cd5e238ab1a638288
- SHA512
  
  99c003bdcd15576f4a686d4a945b2993f426ff95858409cf3afdf005a0e39850cd1db955445ec8a2ba394bfdde0b3a9682161edf6fb68752db815f473903d8d0
- SSDEEP
  
  24576:uRmJkcoQricOIQxiZY1iaCc3cPGY9obOhDzA1iu/RZxUkx:7JZoQrbTFZY1iaCkzbOhuNRZqkx
Score

10^/10

formbook c24t discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2