formbook

General

Target

New Order 9035673890.rar
Size

737KB
Sample

240927-h68rqa1epm
MD5

7ee56bf9e04d6da1b823d76502c5b44f
SHA1

ba620c3ff043d678b394231e96b77bf50b583d05
SHA256

df7402c1259a1e2c84e8520a0bb3bee6f36cef2f08cbb6d0eff4f97b65885722
SHA512

af5a417130480a7d5ed763f0346ff00a2da54b66a672448c61fdbf67ec4cb907ca30a97852d1a836470532dd90fb1c0a805e1b12cc5efb46f990160baf164dcc
SSDEEP

12288:yitx+PDeHd72XSD0phnjjm3o0EzqQont/adzslWp004LCy:yib+PDe9+Swzn1NeQot/aJsg004Oy

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

e62s

Decoy

ellinksa.shop

uckyspinph.xyz

owdark.net

arriage-therapy-72241.bond

w7ijko4rv4p97b.top

heirbuzzwords.buzz

aspart.shop

ctivemail5-kagoya-com.info

shacertification9.shop

zitcd65k3.buzz

llkosoi.info

ru8.info

rhgtrdjdjykyetrdjftd.buzz

yschoollist.kiwi

oftfolio.online

rograma-de-almacen-2.online

oudoarms.top

mwquas.xyz

orjagaucha.website

nlinechat-mh.online

Targets

- Target
  
  New Order 9035673890.exe
- Size
  
  1.1MB
- MD5
  
  f2a9270835ef7d0db0a287867cb98f6f
- SHA1
  
  3d3b9b719b0d4c1040e3b337ecae1f5b8729f5db
- SHA256
  
  e518c029a8b513fd3c2e77c475f8bd19c54c8a15d38198d878c8322a7b491f52
- SHA512
  
  3b6339a3434693dd9076469ee757805e7e2b78d14c77624a0a4b3b9a65f9b8a275137f5e8638abebfd5da7dbe1592aa7300543905d93a118779ae15f04c80837
- SSDEEP
  
  24576:8RmJkcoQricOIQxiZY1iaADPzYJw7P04dA2iGKowNCC:pJZoQrbTFZY1iaADPzpzqhaw8C
Score

10^/10

formbook e62s discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2