formbook

General

Target

36421bdf90ea83d4e677a54710f4d35e2bc15a1222c4abb17e78996029f53c97.exe
Size

744KB
Sample

240924-wn4xpszgqh
MD5

1f3a6997ed55ef6be6beccfc1996e011
SHA1

e79c2dde745697bace3bc0efceb136b4796b61a0
SHA256

36421bdf90ea83d4e677a54710f4d35e2bc15a1222c4abb17e78996029f53c97
SHA512

75a895a1e52929af7c3799ac4a609989246659c2e3cf9dc076bc873d089dbd47219eeb8ba4fdcb82c8fe5d1215dbd0f59eab69b43afe782e8268b140a5cdcb18
SSDEEP

12288:v6Wq4aaE6KwyF5L0Y2D1PqLRMiO8RxrhwK9kNr2rReqSHmZBGtA/q80okL3Rf:tthEVaPqLRlO8VCx2NeqlTOt

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c89p

Decoy

ftersaleb.top

dcustomdesgins.net

ostbet2024.live

rhgtrdjdjytkyhretrdjfytd.buzz

atauniversity.tech

idoctor365.net

x-design-courses-29670.bond

ellowold-pc.top

ransportationmmsytpro.top

areerfest.xyz

artiresbah-in.today

ijie.pro

torehousestudio.info

69-11-luxury-watches.shop

earing-tests-44243.bond

hits.shop

hzl9.bond

lood-test-jp-1.bond

livialiving.online

usymomsmakingmoney.online

Targets

- Target
  
  36421bdf90ea83d4e677a54710f4d35e2bc15a1222c4abb17e78996029f53c97.exe
- Size
  
  744KB
- MD5
  
  1f3a6997ed55ef6be6beccfc1996e011
- SHA1
  
  e79c2dde745697bace3bc0efceb136b4796b61a0
- SHA256
  
  36421bdf90ea83d4e677a54710f4d35e2bc15a1222c4abb17e78996029f53c97
- SHA512
  
  75a895a1e52929af7c3799ac4a609989246659c2e3cf9dc076bc873d089dbd47219eeb8ba4fdcb82c8fe5d1215dbd0f59eab69b43afe782e8268b140a5cdcb18
- SSDEEP
  
  12288:v6Wq4aaE6KwyF5L0Y2D1PqLRMiO8RxrhwK9kNr2rReqSHmZBGtA/q80okL3Rf:tthEVaPqLRlO8VCx2NeqlTOt
Score

10^/10

formbook c89p discovery rat spyware stealer trojan upx
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

AutoIT Executable

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2