formbook | 4643babc9d9d875dd9f884f2a50c9f07b50915c806c375a57c0a0c0e02c49d6e | Triage

Sharing

General

Target

4643babc9d9d875dd9f884f2a50c9f07b50915c806c375a57c0a0c0e02c49d6e.rar
Size

752KB
Sample

240925-b25e6szfme
MD5

2801899ab3fb610dfd68e5e7866da84b
SHA1

ebe7178b867d5314e2a42164a58f04b234c2e557
SHA256

4643babc9d9d875dd9f884f2a50c9f07b50915c806c375a57c0a0c0e02c49d6e
SHA512

3c0ec2cd11a90de6a680277d35da6253b008cb4eedd90f1db5d3cab9ea52690cfcb7ef1966e0809aeafc85bfd88e82b580ff88124b3c00bb37fcc422cae906ae
SSDEEP

12288:YHWZ/8wBZ1yqrK6Y5wTfOQR4yBtKTGWVuNE2R/Iu3kvZNQ1CXzNhJUw4:Y2Z/8wBZQq/Y5wTGQeqKTGWerAu3SuCe

Score

10^/10

formbook e62s discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

e62s

Decoy

ellinksa.shop

uckyspinph.xyz

owdark.net

arriage-therapy-72241.bond

w7ijko4rv4p97b.top

heirbuzzwords.buzz

aspart.shop

ctivemail5-kagoya-com.info

shacertification9.shop

zitcd65k3.buzz

llkosoi.info

ru8.info

rhgtrdjdjykyetrdjftd.buzz

yschoollist.kiwi

oftfolio.online

rograma-de-almacen-2.online

oudoarms.top

mwquas.xyz

orjagaucha.website

nlinechat-mh.online

Targets

- Target
  
  SOA CARGO SHIPPING-202409-USD-24405.00.exe
- Size
  
  1.1MB
- MD5
  
  d2e4e90dd7b91cdedd4f5f2fe58184b0
- SHA1
  
  9bb020d804cb5119842b15dd6cec240337ebb5b3
- SHA256
  
  d680261fb4d68f03216d8cb56648bce8a416b821a9692e14789eccbe24c8f04f
- SHA512
  
  38a37a4c69286b7d34b86ae5ab27ac76d26868a329e86ff0342f31d5ef25c408f25328999bfa970b86f2fac67cf7f00875bdd8b5d5751b1d8d281c44028563ed
- SSDEEP
  
  24576:uRmJkcoQricOIQxiZY1iaC+Yu82vCaskCebDy0DQ:7JZoQrbTFZY1iaC+QgC5Svy7
Score

10^/10

formbook e62s discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooke62sdiscoveryratspywarestealertrojan

behavioral2

formbooke62sdiscoveryratspywarestealertrojan