formbook

General

Target

25092024_0657_23092024_INDEX#12.pdf.zip
Size

802KB
Sample

240925-hqya2s1eqr
MD5

a34d611b0a1d7df9adf81b4bc9950d54
SHA1

2e63339d4190cb52ff651e758ac16012963669c3
SHA256

a2edfc40b415990673011644ac81571701332292b243609a05a6e6e749afefa8
SHA512

e4a71b679e0aa3d06931bebb7bf4437a5bc9fae656e53bad4043b682dc8cec5abe05a5621783c2738beb51851990ec5719dfd979ded8d591e90cf8a39bd08564
SSDEEP

24576:dzFh6Ax5KkdYBl/0ZTXUzlBcxk/7SzC7u02:1Fh6MKkWqjUBB6u7Y

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

k94g

Decoy

nstandgoz.xyz

dhd-treatment-37310.bond

13s-braces-us-ze.fun

umdona.shop

96ph803ql.bond

kka9max.net

corporate-10.xyz

edicalassistance869840.online

lobalresources-bh.xyz

3145978.xyz

ovdaawebsite.online

etting-thailand.net

icloud.xyz

poxk.shop

25ks-ls72510.cyou

women.info

iwyrfbfvhv9.asia

luratu.xyz

ffordable-power-charger.today

edanuryilmaz.xyz

Targets

- Target
  
  INDEX#12.pdf.exe
- Size
  
  1.1MB
- MD5
  
  960216d2900ef8b404fbb7dd26c8fc21
- SHA1
  
  3121f25fe1c6a382a0a834aa2e048c1294f2ba94
- SHA256
  
  8b2b710bb4858bb4cee90137e9184542552b53cba6adce6c47192e4ed2853fb0
- SHA512
  
  a47e66adab3d64af573471aef37a2e946e70be9e6f748ec0fd4e95bc88a9de7eaea1011c9a273191c984abae49d37749d07d33cb17acb78ffc215d58fda27e1a
- SSDEEP
  
  24576:uRmJkcoQricOIQxiZY1iaCod6Url5cPk/RmRU7aJ1:7JZoQrbTFZY1iaCo6Up5EG7+
Score

10^/10

formbook k94g discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2