formbook

General

Target

8215f0a542629e502e4b27019455d0dd2636712c14eaa43501ed4c836f566593.zip
Size

730KB
Sample

240925-cg6m6s1fmc
MD5

5b14186f7872d6679dbc552e62cad798
SHA1

a3330f7247c2b90186f196fba6a49e5e5e99bfb4
SHA256

8215f0a542629e502e4b27019455d0dd2636712c14eaa43501ed4c836f566593
SHA512

b592949c540e62c0affe4abb517d8da6a96877c5099375d1e4507e0b148a4594f0c9cbe5ece6354573b3ce847502c21a960ae92b6303fa40f2640a57b01c26c4
SSDEEP

12288:h/gBT51V14eECqni+OaKi4qRZVhuKFqNrUrReqGHiZBGjA/q8KoJL3Rg:NgBTS7ntV4q7WxUNeq3fPq

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c89p

Decoy

ftersaleb.top

dcustomdesgins.net

ostbet2024.live

rhgtrdjdjytkyhretrdjfytd.buzz

atauniversity.tech

idoctor365.net

x-design-courses-29670.bond

ellowold-pc.top

ransportationmmsytpro.top

areerfest.xyz

artiresbah-in.today

ijie.pro

torehousestudio.info

69-11-luxury-watches.shop

earing-tests-44243.bond

hits.shop

hzl9.bond

lood-test-jp-1.bond

livialiving.online

usymomsmakingmoney.online

Targets

- Target
  
  Quotation #10091.exe
- Size
  
  744KB
- MD5
  
  1f3a6997ed55ef6be6beccfc1996e011
- SHA1
  
  e79c2dde745697bace3bc0efceb136b4796b61a0
- SHA256
  
  36421bdf90ea83d4e677a54710f4d35e2bc15a1222c4abb17e78996029f53c97
- SHA512
  
  75a895a1e52929af7c3799ac4a609989246659c2e3cf9dc076bc873d089dbd47219eeb8ba4fdcb82c8fe5d1215dbd0f59eab69b43afe782e8268b140a5cdcb18
- SSDEEP
  
  12288:v6Wq4aaE6KwyF5L0Y2D1PqLRMiO8RxrhwK9kNr2rReqSHmZBGtA/q80okL3Rf:tthEVaPqLRlO8VCx2NeqlTOt
Score

10^/10

formbook c89p discovery rat spyware stealer trojan upx
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

AutoIT Executable

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2