formbook

General

Target

ORDER_1105-19-24-3537.pdf.exe
Size

1.1MB
Sample

240924-llgpaashka
MD5

e1f17be548b37efc77198e39fa5edcac
SHA1

8c735e99a902c7c8cb5d387b17f40cae08eabe61
SHA256

e0374712b7f2b3605536f4b48018ed3bf0b54c04d9758988b261aad23a755a44
SHA512

888110656bff78c283c13bd68373dd39966ddc26e589a988b1c8edb5312fc7e9848ddf7f9cfa84b5438563b8316f896031795d5330aa62244277566009e07e32
SSDEEP

24576:uRmJkcoQricOIQxiZY1iaCBAPFfCxwaHvhwb+/RWSWdFc2lIi2x:7JZoQrbTFZY1iaC8o6b2IILJ

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rn94

Decoy

st68v.xyz

conciergenotary.net

qwechaotk.top

rtpdonatoto29.xyz

8ad.xyz

powermove.top

cameras-30514.bond

vanguardcoffee.shop

umoe53fxc1bsujv.buzz

consultoriamax.net

hplxx.com

ndu.wtf

yzh478c.xyz

bigbrown999.site

xiake07.asia

resdai.xyz

the35678.shop

ba6rf.rest

ceo688.com

phimxhot.xyz

Targets

- Target
  
  ORDER_1105-19-24-3537.pdf.exe
- Size
  
  1.1MB
- MD5
  
  e1f17be548b37efc77198e39fa5edcac
- SHA1
  
  8c735e99a902c7c8cb5d387b17f40cae08eabe61
- SHA256
  
  e0374712b7f2b3605536f4b48018ed3bf0b54c04d9758988b261aad23a755a44
- SHA512
  
  888110656bff78c283c13bd68373dd39966ddc26e589a988b1c8edb5312fc7e9848ddf7f9cfa84b5438563b8316f896031795d5330aa62244277566009e07e32
- SSDEEP
  
  24576:uRmJkcoQricOIQxiZY1iaCBAPFfCxwaHvhwb+/RWSWdFc2lIi2x:7JZoQrbTFZY1iaC8o6b2IILJ
Score

10^/10

formbook rn94 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2