formbook

General

Target

25092024_0846_24092024_Demo Contract.zip
Size

730KB
Sample

240925-kpb3jawcmp
MD5

559abbddb8666fec8de511ce8b97aeda
SHA1

89466c47bc8a4d13ddfbfa982af3eba37fdf0790
SHA256

b564aac5720d84f4dfe4f1c2a480a61e1f95bd46abd490fb303761bc8d8c89e6
SHA512

0f94a98f35aebb999557490381b5827a0e62291611e7187848df3e3b2b6093f105c10f3869e8d74c47e5c1cdb5753d6db6c4e49677ec89f7acbe32f2b379e9f4
SSDEEP

12288:D/gBT51V14eECqni+OaKi4qRZVhuKFqNrUrReqGHiZBGjA/q8KoJL3RA:jgBTS7ntV4q7WxUNeq3fPO

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c89p

Decoy

ftersaleb.top

dcustomdesgins.net

ostbet2024.live

rhgtrdjdjytkyhretrdjfytd.buzz

atauniversity.tech

idoctor365.net

x-design-courses-29670.bond

ellowold-pc.top

ransportationmmsytpro.top

areerfest.xyz

artiresbah-in.today

ijie.pro

torehousestudio.info

69-11-luxury-watches.shop

earing-tests-44243.bond

hits.shop

hzl9.bond

lood-test-jp-1.bond

livialiving.online

usymomsmakingmoney.online

Targets

- Target
  
  Demo Contract.exe
- Size
  
  744KB
- MD5
  
  1f3a6997ed55ef6be6beccfc1996e011
- SHA1
  
  e79c2dde745697bace3bc0efceb136b4796b61a0
- SHA256
  
  36421bdf90ea83d4e677a54710f4d35e2bc15a1222c4abb17e78996029f53c97
- SHA512
  
  75a895a1e52929af7c3799ac4a609989246659c2e3cf9dc076bc873d089dbd47219eeb8ba4fdcb82c8fe5d1215dbd0f59eab69b43afe782e8268b140a5cdcb18
- SSDEEP
  
  12288:v6Wq4aaE6KwyF5L0Y2D1PqLRMiO8RxrhwK9kNr2rReqSHmZBGtA/q80okL3Rf:tthEVaPqLRlO8VCx2NeqlTOt
Score

10^/10

formbook c89p discovery rat spyware stealer trojan upx
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

AutoIT Executable

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2