formbook

General

Target

d58fab60c4219b29dff06c1156c4a5b1995639d7434c3d48fe9fb1033ca02bdc
Size

806KB
Sample

240920-sghjcataml
MD5

8112805f330c72b995af17d807acc0cd
SHA1

5e423c14508f6fd9395ded20751b62429685a07d
SHA256

d58fab60c4219b29dff06c1156c4a5b1995639d7434c3d48fe9fb1033ca02bdc
SHA512

bdf704912af14ef19e4b377cb4c3ea77b507975804ad53b89653502f0990aaf71fc4bef8ab53f8781013e1679a2e1b03b7e1761f8dac5ee41429032f9fa27582
SSDEEP

24576:mzaqtRE5KkvYGknBJ8wjqJ1lly3KKwkxgd:GDWKkwGIwwS4Zwk+

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c89p

Decoy

ftersaleb.top

dcustomdesgins.net

ostbet2024.live

rhgtrdjdjytkyhretrdjfytd.buzz

atauniversity.tech

idoctor365.net

x-design-courses-29670.bond

ellowold-pc.top

ransportationmmsytpro.top

areerfest.xyz

artiresbah-in.today

ijie.pro

torehousestudio.info

69-11-luxury-watches.shop

earing-tests-44243.bond

hits.shop

hzl9.bond

lood-test-jp-1.bond

livialiving.online

usymomsmakingmoney.online

Targets

- Target
  
  Payment Copy.exe
- Size
  
  1.1MB
- MD5
  
  9cff570bbd99193ba8618ba6c5491a13
- SHA1
  
  3848185fe5c08b05b27fbfa65cfadbf3096e908d
- SHA256
  
  ede8ae39d91066365f959fc9c98f0b47add88604ce95829a9618a15274faef3f
- SHA512
  
  191376aa71d6119d270a13692e8eadd06a492bc6777313fcc7bc27ebdc3244e902703bd8b206c3bfddf353131e1c2c9b7014e346649d1eb691d426d13764b34b
- SSDEEP
  
  24576:uRmJkcoQricOIQxiZY1iaC+BJ8a3qVH/by3Q4w0jgo:7JZoQrbTFZY1iaC+wakmnw0X
Score

10^/10

formbook c89p discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2