formbook

General

Target

24092024_1424_23092024_e-Invoice.zip
Size

749KB
Sample

240924-rq31zascle
MD5

8ffde54f0b9cbe573db561763fb42a1d
SHA1

005e826892636585b4af40da85686ac7de953975
SHA256

fee8e65741a4299887066d76517461bf40fa2941f2c5dac6cc3cb49b913a53ac
SHA512

74c5715e47a4fb408b7cc43af132767cee62e003f38cb89a9e8c0f832273bb9d30324a338c7b6ef7abe194f8083153bb13abaa37e99c41facf477409c397d659
SSDEEP

12288:s/gBT51V14eECqni+OaFAVk++bVsd61zQO+h5SATMnvrXZe53f:GgBTS7nt4CRPQHpTMvrXkv

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c89p

Decoy

ftersaleb.top

dcustomdesgins.net

ostbet2024.live

rhgtrdjdjytkyhretrdjfytd.buzz

atauniversity.tech

idoctor365.net

x-design-courses-29670.bond

ellowold-pc.top

ransportationmmsytpro.top

areerfest.xyz

artiresbah-in.today

ijie.pro

torehousestudio.info

69-11-luxury-watches.shop

earing-tests-44243.bond

hits.shop

hzl9.bond

lood-test-jp-1.bond

livialiving.online

usymomsmakingmoney.online

Targets

- Target
  
  e-Invoice.exe
- Size
  
  764KB
- MD5
  
  c29c35fdd0cb6fb2a67ebe5e66d031bf
- SHA1
  
  8069a08c89042bf1bff896e9d8a68f05db5af316
- SHA256
  
  7d99c8ec073617681fc7dca3714bce08da1e6a9920aa39b57af734238d5d685f
- SHA512
  
  f6dd09aae40a4aa6291d0d384f5b5d4fe94770df93585b235fed994f2dbbeb214550b0a3c55bb479f4c5b316520748d2ccec01b1b85e965fb0c51948d7a229b1
- SSDEEP
  
  12288:v6Wq4aaE6KwyF5L0Y2D1PqLXkK+rLst81zQw+h5GATMnNTXXe53V:tthEVaPqL059QhtTMNTXel
Score

10^/10

formbook c89p discovery rat spyware stealer trojan upx
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

AutoIT Executable

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2