formbook

General

Target

FedexExpressAWBPDF.exe
Size

570KB
Sample

240922-nw4b5sxgqr
MD5

14ede9b23957c1f6951f9349aac1e5ff
SHA1

eaba8b3dd5cb1d90dc648f004b40410979d09e36
SHA256

42e319dba75dc914d5645a6fc1025984c6e64a34303cb7c5e9b936aade524efe
SHA512

6b10adbae6db67ff112a4dc74ddd31c525c5c96c78fef46231d79b2c653b4d042b28d2957fbe24a77c48176b481b0a69a321ba682c7e33bb33962abd114324f0
SSDEEP

12288:uHa0mNx2zIcbKWlCAH8ue+ISEyAxBjF7AHpuJotvbScHBzyyN8MwW:uqx2zd5p8Z+ISHAGschGyG

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b31a

Decoy

enjamin-paaac.buzz

mail-marketing-40950.bond

pusems28-post.cyou

hindo.top

ruck-company-be.today

asinos-deutschland.net

ewancash.boats

etdopovo.casino

rcher-saaac.buzz

871166.vip

manuel.app

g3yqo.shop

-9way.xyz

qawgytfexe.bond

iefi6834.vip

ental-health-35901.bond

idat-merkez18.top

rojectleadzone.website

lirudolph.top

migloballlc.online

Targets

- Target
  
  FedexExpressAWBPDF.exe
- Size
  
  570KB
- MD5
  
  14ede9b23957c1f6951f9349aac1e5ff
- SHA1
  
  eaba8b3dd5cb1d90dc648f004b40410979d09e36
- SHA256
  
  42e319dba75dc914d5645a6fc1025984c6e64a34303cb7c5e9b936aade524efe
- SHA512
  
  6b10adbae6db67ff112a4dc74ddd31c525c5c96c78fef46231d79b2c653b4d042b28d2957fbe24a77c48176b481b0a69a321ba682c7e33bb33962abd114324f0
- SSDEEP
  
  12288:uHa0mNx2zIcbKWlCAH8ue+ISEyAxBjF7AHpuJotvbScHBzyyN8MwW:uqx2zd5p8Z+ISHAGschGyG
Score

10^/10

discovery formbook b31a rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2