formbook

General

Target

#29469O204.zip
Size

757KB
Sample

240920-fdaywayhja
MD5

d48d690477c3bc2eae5b4d3106e74ceb
SHA1

6be1ae063be6a97a3232222edc3162cb69094e70
SHA256

72dac9f30361a0da4ae67ad693043953506314fdbdfa96a0e5ff50d797595d0d
SHA512

216a3ada3554604f6086472bb1b45810c9010da81809e0d7c3cf0e3152fc4ea25cd3d9d42d88177afb39d2123d5db722e6ad667c3f7e91b0aea78e56b9157758
SSDEEP

12288:T/gBT51V14eECqni+OaUPazqgY51s7aec6G0xS4Elb/KmfjOe2UUXom3kwPBrKL:zgBTS7nt6Ztmnc6vEhffj7UXom3fZG

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c89p

Decoy

ftersaleb.top

dcustomdesgins.net

ostbet2024.live

rhgtrdjdjytkyhretrdjfytd.buzz

atauniversity.tech

idoctor365.net

x-design-courses-29670.bond

ellowold-pc.top

ransportationmmsytpro.top

areerfest.xyz

artiresbah-in.today

ijie.pro

torehousestudio.info

69-11-luxury-watches.shop

earing-tests-44243.bond

hits.shop

hzl9.bond

lood-test-jp-1.bond

livialiving.online

usymomsmakingmoney.online

Targets

- Target
  
  #29469O204.zip
- Size
  
  757KB
- MD5
  
  d48d690477c3bc2eae5b4d3106e74ceb
- SHA1
  
  6be1ae063be6a97a3232222edc3162cb69094e70
- SHA256
  
  72dac9f30361a0da4ae67ad693043953506314fdbdfa96a0e5ff50d797595d0d
- SHA512
  
  216a3ada3554604f6086472bb1b45810c9010da81809e0d7c3cf0e3152fc4ea25cd3d9d42d88177afb39d2123d5db722e6ad667c3f7e91b0aea78e56b9157758
- SSDEEP
  
  12288:T/gBT51V14eECqni+OaUPazqgY51s7aec6G0xS4Elb/KmfjOe2UUXom3kwPBrKL:zgBTS7nt6Ztmnc6vEhffj7UXom3fZG
Score

1^/10
behavioral1 behavioral2
- Target
  
  #29469O204.exe
- Size
  
  772KB
- MD5
  
  96df83409286c456fa56c37a0d5098be
- SHA1
  
  9140c707f2e625caa4f300ccbc2c1f7136048b64
- SHA256
  
  1dab7f07bfa344e601226bc0657decbabd3b421fd207e031ae99ccfbc5637414
- SHA512
  
  3ea8150f356a1ba5ab75f6d49db8fa7e0cc86aa850575f605df308de4ba9248739745f5ade53135ac5be167abeb5246b0452141091a3665f0ff19f09e806557f
- SSDEEP
  
  12288:v6Wq4aaE6KwyF5L0Y2D1PqLv/ZbzqgYP1Q7aem6GKxA4ElbxKEfbOeuOU5Km3awZ:tthEVaPqLv/Eb2nm8VEHffb/U5Km3ZkG
Score

10^/10

formbook c89p discovery rat spyware stealer trojan upx
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  out.upx
- Size
  
  634KB
- MD5
  
  d67ea5285c3c56c6fdc8f2a28354bd44
- SHA1
  
  53350bfe1a1c7b668cd42bc7c1eddc4383875b85
- SHA256
  
  fcdf46fc4db849adf0b4127317d2bbc86ab9d00d1756095f7d0f98f835276c2a
- SHA512
  
  6e2c876f5102336c6ff825ecd4319bc1fb2a2343b04606d60d9640fc0c1baf3f2be1d0b3f37dd5d40d9e4df49c8299322fbc97e9b4f9f50dbcbd71f700ce16d1
- SSDEEP
  
  12288:WhkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJc:GRmJkcoQricOIQxiZY1
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

UPX packed file

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6