formbook

General

Target

25092024_0830_23092024_DHL-SHIPPING-DOC-PDF.gz
Size

558KB
Sample

240925-keka6avgpj
MD5

8c0ac45753ce234486d7594f7f8e7424
SHA1

c40b5ca5385d697ca4a4171818f1d51cb967085f
SHA256

756db7866cc334380713ba1b28d75b2547791abcfb7d8b920f38d9a61662eae6
SHA512

55bbdf7cd77c20aefff6c57c0ffeae627d42a1707441b23e7f17b71c6449dab160e5a6aa151b47f9b90df9c62c52e10ca6cee7c4d4f08f63811b64fcb4bb6e34
SSDEEP

12288:bjqZRDHx51JctwX0L6tsIalSBmBUqXQJvIdqFrq//StRz8i:buZPy2X0uEQBmTXa3rq3Sf

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mu94

Decoy

thenextamendment.net

automatiza.xyz

psikologhazelgungor.com

90857.net

robertoblondetrealtor.site

rv0awy.rest

74657.ooo

adigidea.com

world-healing.online

health4world.com

shyan.fun

anviltotable.com

vinger.online

juizltd.com

twmk.asia

cakescrushbyruby.com

listxtreme.com

00050026.xyz

finessedesignhouse.com

jsmm-27.xyz

Targets

- Target
  
  DHL-SHIPPING-DOC-PDF.exe
- Size
  
  620KB
- MD5
  
  a43cc03d734b4becbab994c00a2616bc
- SHA1
  
  e6bf1562c7c898572c65f47c949466a77da869c5
- SHA256
  
  965a24873fd5b2b10bf655cb07c4fcf6308981caac305b1e0a15d2332ae779b2
- SHA512
  
  9282a26ef04ed2456bed6cd3f5f159ce9e0b1902a36efddcf69ce6bb5a33b71e09284f0d7f5f2f3b40a5d520177075eb1eb9d6dcf7b6cc0a273eff20e68e8fc6
- SSDEEP
  
  12288:KOK/Jtxt1JiTwtOZZBFdctsKdKyBp+dqnHcaI97yNtQ8bQbcEukR:K5/hostOZZrWlFNcaI97MTIcE1
Score

10^/10

formbook mu94 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

System Network Configuration Discovery

1

T1016

Internet Connection Discovery

1

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2