formbook

General

Target

SOA.zip
Size

855KB
Sample

240920-fdj7jszcqj
MD5

e2c1ff9fc3bb3ba6270a8f2d1bb73deb
SHA1

5252d298c74e5aa7b559bf65b7ea1f58c93c9f05
SHA256

7886862c8e3398b7a5e37de9406d001497710e060b1a86e172e2cf907386090d
SHA512

818f56868f53ded2f3905ca51d94eb22642f3d808fe256c6db5fa462632233063886f2d658074ce111450e30bcb7a00adfc7cd5930ae088f91d77dfb009c5690
SSDEEP

24576:WzaqtRE5KkvYYg1lTZl5sMR48Gu8tEBE1+Oe:2DWKkwXP5fvTM+J

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c24t

Decoy

ealthbridgeccs.online

ngelicais.art

uktuksu1.sbs

fapoker.asia

hecreature.tech

orenzoplaybest14.xyz

op-smartphones-deal.today

delark.click

7395.asia

otnews.cfd

j16e.xyz

oko.events

fscxb.top

roudtxliberals.vote

asas-br.bond

ourhealthyourlife.shop

fbpd.top

j9u9.xyz

uijiuw.top

aming-chair-37588.bond

Targets

- Target
  
  SOA.zip
- Size
  
  855KB
- MD5
  
  e2c1ff9fc3bb3ba6270a8f2d1bb73deb
- SHA1
  
  5252d298c74e5aa7b559bf65b7ea1f58c93c9f05
- SHA256
  
  7886862c8e3398b7a5e37de9406d001497710e060b1a86e172e2cf907386090d
- SHA512
  
  818f56868f53ded2f3905ca51d94eb22642f3d808fe256c6db5fa462632233063886f2d658074ce111450e30bcb7a00adfc7cd5930ae088f91d77dfb009c5690
- SSDEEP
  
  24576:WzaqtRE5KkvYYg1lTZl5sMR48Gu8tEBE1+Oe:2DWKkwXP5fvTM+J
Score

1^/10
behavioral1 behavioral2
- Target
  
  SOA.exe
- Size
  
  1.1MB
- MD5
  
  8b22b618c1532585a65a3cfe829018ab
- SHA1
  
  1c86d17a59b3630829d579a5b7f2d365c0081a6a
- SHA256
  
  9244e7f4c9184e0087ea02ee9ae60f70fce3dc9e049956e1a30bbff947bbfb35
- SHA512
  
  cf2cdfcbeb20a63ca1c08cccb9ca154a0854b5835a41b206285feebe3a0bbbea52c0e604d1c4fec1219bfcbe3add48abbb6e228866416085bd04a84e59e813d7
- SSDEEP
  
  24576:uRmJkcoQricOIQxiZY1iaCTb1lxlb5qUf48Gu4zEBr1+OZ:7JZoQrbTFZY1iaC7n5RvZJ+4
Score

10^/10

formbook c24t discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4