formbook

General

Target

f3243a385c52c660c7c590a7ef77324199c3ccdd8fb70ed3292028afc2583c82.rar
Size

730KB
Sample

240925-c91bvstdnh
MD5

7a6ad3eb134817a5399fbaa75751e0d5
SHA1

d62b0881467259c994f4c302a91eec65cf92b24a
SHA256

f3243a385c52c660c7c590a7ef77324199c3ccdd8fb70ed3292028afc2583c82
SHA512

8d2de632a73e751ba6a88e38792eca7fdb57bb8c9bb1426fc5f566ce642961d86a39848b1e0d050759851170a292890cd5722d523df1060836bf0297afbe1c38
SSDEEP

12288:zeWptFedEgot+gCiaZvUzXKHdiTH8E6zhGI0e73FUMFvAVa+1A+qWdtj80Noetkz:zTeOgwCi8v4X0diTHTNk3qMFnCdtjVSp

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c89p

Decoy

ftersaleb.top

dcustomdesgins.net

ostbet2024.live

rhgtrdjdjytkyhretrdjfytd.buzz

atauniversity.tech

idoctor365.net

x-design-courses-29670.bond

ellowold-pc.top

ransportationmmsytpro.top

areerfest.xyz

artiresbah-in.today

ijie.pro

torehousestudio.info

69-11-luxury-watches.shop

earing-tests-44243.bond

hits.shop

hzl9.bond

lood-test-jp-1.bond

livialiving.online

usymomsmakingmoney.online

Targets

- Target
  
  M20240930086..exe
- Size
  
  744KB
- MD5
  
  1f3a6997ed55ef6be6beccfc1996e011
- SHA1
  
  e79c2dde745697bace3bc0efceb136b4796b61a0
- SHA256
  
  36421bdf90ea83d4e677a54710f4d35e2bc15a1222c4abb17e78996029f53c97
- SHA512
  
  75a895a1e52929af7c3799ac4a609989246659c2e3cf9dc076bc873d089dbd47219eeb8ba4fdcb82c8fe5d1215dbd0f59eab69b43afe782e8268b140a5cdcb18
- SSDEEP
  
  12288:v6Wq4aaE6KwyF5L0Y2D1PqLRMiO8RxrhwK9kNr2rReqSHmZBGtA/q80okL3Rf:tthEVaPqLRlO8VCx2NeqlTOt
Score

10^/10

formbook c89p discovery rat spyware stealer trojan upx
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

AutoIT Executable

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2