formbook

General

Target

21092024_0046_20092024_Signed Contract.zip
Size

806KB
Sample

240921-a435fsxcrq
MD5

36d6e5517a4dd1774c8bf14eec168759
SHA1

a3054d724323a6c7dfb07edcef4e87dafcd9b87b
SHA256

051507ce9a32a7049aa92a678d40d91610287d761c5878def31c627da31c2066
SHA512

909ceb0f8d39626f4556363d44c4c38b3e2d1c8e7baa09392b4dd418469b33e3dabc43dddb32533e3fbdf1362c25c04a870505e0014dc44d09f5c2474e010770
SSDEEP

24576:EzaqtRE5KkvYGknBJ8wjqJ1lly3KKwkxgH:ADWKkwGIwwS4Zwk+

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c89p

Decoy

ftersaleb.top

dcustomdesgins.net

ostbet2024.live

rhgtrdjdjytkyhretrdjfytd.buzz

atauniversity.tech

idoctor365.net

x-design-courses-29670.bond

ellowold-pc.top

ransportationmmsytpro.top

areerfest.xyz

artiresbah-in.today

ijie.pro

torehousestudio.info

69-11-luxury-watches.shop

earing-tests-44243.bond

hits.shop

hzl9.bond

lood-test-jp-1.bond

livialiving.online

usymomsmakingmoney.online

Targets

- Target
  
  Signed Contract.exe
- Size
  
  1.1MB
- MD5
  
  9cff570bbd99193ba8618ba6c5491a13
- SHA1
  
  3848185fe5c08b05b27fbfa65cfadbf3096e908d
- SHA256
  
  ede8ae39d91066365f959fc9c98f0b47add88604ce95829a9618a15274faef3f
- SHA512
  
  191376aa71d6119d270a13692e8eadd06a492bc6777313fcc7bc27ebdc3244e902703bd8b206c3bfddf353131e1c2c9b7014e346649d1eb691d426d13764b34b
- SSDEEP
  
  24576:uRmJkcoQricOIQxiZY1iaC+BJ8a3qVH/by3Q4w0jgo:7JZoQrbTFZY1iaC+wakmnw0X
Score

10^/10

formbook c89p discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2