formbook

General

Target

92ea4b0cf6fcc26690114a899d13c975134d5e21b33d2cb6087ef8c336826f19.exe
Size

1.1MB
Sample

240920-bx1anasekn
MD5

4863ac582a190c191b7ac02e0e463ac3
SHA1

686cf063bdd59d93a8b0890e73f324df68ae6139
SHA256

92ea4b0cf6fcc26690114a899d13c975134d5e21b33d2cb6087ef8c336826f19
SHA512

1a0b10a9b973b744180a4e849cfe5b05068ff4fa9417eb3313817cc63527706df33d4362accb598249dc5c05cbfe6217143f82d8bdaa708531a4e8fea19ec6fb
SSDEEP

24576:oAHnh+eWsN3skA4RV1Hom2KXMmHapQYCg7myTaDZP5:vh+ZkldoPK8YapQ9ELA

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ot96

Decoy

yclingbear.studio

sxuio.xyz

eon-official-bk-o57v.buzz

teel.management

rusjitu.sbs

ighwald-holdings.info

ummitfinancal.vip

layvalleyconstruction.online

pp-games-efficsecuspon.xyz

ouh.shop

mgltd.services

gshsjwhgsg.fun

eidotijolo.online

yifg.sbs

nline-gaming-ox-mx.xyz

ux-money.info

inergiputraborneo.dev

panish-classes-67016.bond

reightrading.info

23bet.xyz

Targets

- Target
  
  92ea4b0cf6fcc26690114a899d13c975134d5e21b33d2cb6087ef8c336826f19.exe
- Size
  
  1.1MB
- MD5
  
  4863ac582a190c191b7ac02e0e463ac3
- SHA1
  
  686cf063bdd59d93a8b0890e73f324df68ae6139
- SHA256
  
  92ea4b0cf6fcc26690114a899d13c975134d5e21b33d2cb6087ef8c336826f19
- SHA512
  
  1a0b10a9b973b744180a4e849cfe5b05068ff4fa9417eb3313817cc63527706df33d4362accb598249dc5c05cbfe6217143f82d8bdaa708531a4e8fea19ec6fb
- SSDEEP
  
  24576:oAHnh+eWsN3skA4RV1Hom2KXMmHapQYCg7myTaDZP5:vh+ZkldoPK8YapQ9ELA
Score

10^/10

formbook ot96 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2