formbook

General

Target

DOCPDF.exe
Size

597KB
Sample

240926-qmsv6aygrr
MD5

debff2e29172e4c6b07a62a5d7b8a6b4
SHA1

6e2073a1f0dbd338f0a8673f35b8628581fac402
SHA256

874c6faee7e17445012c0f573c29dde997a71cc86e15fc3152a22365cf83bdf1
SHA512

565cccea3f2b0214e64e352a0676465c6b6792da5d7f77a9e97463c7ebb0fd8ab71baa835fa586268c425aa01577cf5ff5a3d7f652a9c1f6fb568757713b59f1
SSDEEP

12288:v0FSVDrE1Sytj7ueTw98NxmngEFTas9VdqJGQ/UUakA/k3Q8bQbZ:I1Sytj71LSdOqa4UakZTI

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b31a

Decoy

enjamin-paaac.buzz

mail-marketing-40950.bond

pusems28-post.cyou

hindo.top

ruck-company-be.today

asinos-deutschland.net

ewancash.boats

etdopovo.casino

rcher-saaac.buzz

871166.vip

manuel.app

g3yqo.shop

-9way.xyz

qawgytfexe.bond

iefi6834.vip

ental-health-35901.bond

idat-merkez18.top

rojectleadzone.website

lirudolph.top

migloballlc.online

Targets

- Target
  
  DOCPDF.exe
- Size
  
  597KB
- MD5
  
  debff2e29172e4c6b07a62a5d7b8a6b4
- SHA1
  
  6e2073a1f0dbd338f0a8673f35b8628581fac402
- SHA256
  
  874c6faee7e17445012c0f573c29dde997a71cc86e15fc3152a22365cf83bdf1
- SHA512
  
  565cccea3f2b0214e64e352a0676465c6b6792da5d7f77a9e97463c7ebb0fd8ab71baa835fa586268c425aa01577cf5ff5a3d7f652a9c1f6fb568757713b59f1
- SSDEEP
  
  12288:v0FSVDrE1Sytj7ueTw98NxmngEFTas9VdqJGQ/UUakA/k3Q8bQbZ:I1Sytj71LSdOqa4UakZTI
Score

10^/10

formbook b31a discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2