formbook

General

Target

6e86565b90ed8574be0a828972f44194c222968fc60f730087e220eb475bd81a
Size

519KB
Sample

240919-wxzz4stbpl
MD5

ea9b876152edc89f74db76dc97039d62
SHA1

b3c9110fd0f11ac27d0fe14a44d25b80c5420415
SHA256

6e86565b90ed8574be0a828972f44194c222968fc60f730087e220eb475bd81a
SHA512

a94ad57cf4e563810127ec7d2866b9ce50ced4b1b1d60e1fef738d89534adad5b9232493c7b18a4761777feabc6e0bcc4c048ac0227900962a7c8e1460e65664
SSDEEP

12288:jeGY7KPq6glTceL/I77Nr2m0Ao2mL6ObEXu7/DUrR:jedceTVLeaQPmLfbj7QR

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b31a

Decoy

enjamin-paaac.buzz

mail-marketing-40950.bond

pusems28-post.cyou

hindo.top

ruck-company-be.today

asinos-deutschland.net

ewancash.boats

etdopovo.casino

rcher-saaac.buzz

871166.vip

manuel.app

g3yqo.shop

-9way.xyz

qawgytfexe.bond

iefi6834.vip

ental-health-35901.bond

idat-merkez18.top

rojectleadzone.website

lirudolph.top

migloballlc.online

Targets

- Target
  
  Fedex Awb Details_pdf.exe
- Size
  
  597KB
- MD5
  
  76aade8ab10a9b3905c5f70932cfbf0c
- SHA1
  
  d8121a7513306da0cbf09cbda5005fc63f76d262
- SHA256
  
  e915f0f594c0cc1c43241cbe47784d5a203dc521c341eb8aa95c6e6d10ff65b3
- SHA512
  
  dfda440ab221993a379bd67eb7d636bddd11cd2d1fd4dd1e21a38f04fbdad7b150f3455bd918a9f9283152599075f6b4fbefdf7ebe0984e8a038742a30a5fc87
- SSDEEP
  
  12288:gmKuY7YDwSgBTh9I1v9r2eI8Q2Wz6iFWX4DiZC:DKFsoTKa0nWzTFBmC
Score

10^/10

formbook b31a discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2