formbook

General

Target

f27e5747ed86d455994dd693a78eae10aa7e212eb7411b1665939b86e44b134f.zip
Size

743KB
Sample

240926-c5r5pawbpg
MD5

120ddc8ee363dc6d25749f43ccd9292f
SHA1

d993913b5bf6cec3bd2bd7f71f7e48442e1d7da6
SHA256

f27e5747ed86d455994dd693a78eae10aa7e212eb7411b1665939b86e44b134f
SHA512

aa95d1f95b1c3a6f936611b22f254a61d28c0df8db6ca25b925cb2ebe63042bf405edf88bea3630d256fd321851be78f9b496e29a11761312342ed98fe172ab6
SSDEEP

12288:T/gBT51V14eECqni+Oa0A123c0DLFvdjmOddsoYKrdMpnGpuZHTHOG062IgAsoGc:zgBTS7ntCAl89dNrKKrd49ZzuD62IgAf

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c24t

Decoy

ealthbridgeccs.online

ngelicais.art

uktuksu1.sbs

fapoker.asia

hecreature.tech

orenzoplaybest14.xyz

op-smartphones-deal.today

delark.click

7395.asia

otnews.cfd

j16e.xyz

oko.events

fscxb.top

roudtxliberals.vote

asas-br.bond

ourhealthyourlife.shop

fbpd.top

j9u9.xyz

uijiuw.top

aming-chair-37588.bond

Targets

- Target
  
  M20240930086.exe
- Size
  
  758KB
- MD5
  
  d6b81c33449a58e41301d210bc265632
- SHA1
  
  46b121a17c3f960430f488bcb4cc1c15307bdd55
- SHA256
  
  b481fd78d0f715aaf7d7446c33e2bdf500e52e1c0d58ce5f81efae25ff9a8fd2
- SHA512
  
  86bdadb1b65e6f7de574d7851518f52bdfd05c5e84a881115a9a7204693847b95094a6a4cc23a926fdb66433926c7ace6b54cc83e88272a66074712876882a4a
- SSDEEP
  
  12288:v6Wq4aaE6KwyF5L0Y2D1PqLTA1S3c0DLFvFjmOd1soYKrdyTnapuTHTNOG002Iil:tthEVaPqLTAV89FNXuKrd6hTzoD02Iil
Score

10^/10

formbook c24t discovery rat spyware stealer trojan upx
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

AutoIT Executable

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2