formbook | c4d84df26de6eec4514b188d29ef0707fbbd590ac6f28dbda448120b3a97d5f1 | Triage

Sharing

General

Target

c4d84df26de6eec4514b188d29ef0707fbbd590ac6f28dbda448120b3a97d5f1.rar
Size

735KB
Sample

240928-b8dk2ashpc
MD5

f2822b12ba0855eb8aa39ef4cc27f911
SHA1

8cd887e184ed71ffc93fa142ee2fdc5338b30958
SHA256

c4d84df26de6eec4514b188d29ef0707fbbd590ac6f28dbda448120b3a97d5f1
SHA512

cb819331a93f720757491eeb39e417ca262672b47a40176d79cf15e8470d57e1045886bd125650a625e064344ebe7212643008fcd1a5eb6c418c507e58044ebe
SSDEEP

12288:SjgrMujkjkDeH87blnqv2Ek2GQdq35VpxA4385983h80SPUcMmrud9o6ZalbzVFQ:07jkDecNW2Ek/kqJVXghzMXdVYvZaPYG

Score

10^/10

formbook e62s discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

e62s

Decoy

ellinksa.shop

uckyspinph.xyz

owdark.net

arriage-therapy-72241.bond

w7ijko4rv4p97b.top

heirbuzzwords.buzz

aspart.shop

ctivemail5-kagoya-com.info

shacertification9.shop

zitcd65k3.buzz

llkosoi.info

ru8.info

rhgtrdjdjykyetrdjftd.buzz

yschoollist.kiwi

oftfolio.online

rograma-de-almacen-2.online

oudoarms.top

mwquas.xyz

orjagaucha.website

nlinechat-mh.online

Targets

- Target
  
  SWIFT COPY.exe
- Size
  
  1.1MB
- MD5
  
  dd4c2c493ef0580e71c450fcb065cc3f
- SHA1
  
  8fa3f5a33e0a6ba97aaa97de37536368f4b15ffa
- SHA256
  
  d1255266817eb3bfb16b76ff97252b059cd857fffd048db4ded59a5eca0fa0a8
- SHA512
  
  e9e63873f83287fc76c714b119765624f54530e44d9a65eaa015374572fe0cab8fdb74048b23f77ad2dcef0a00cb22b17a9f0d4609fa7981e98102ec0419ccca
- SSDEEP
  
  24576:5RmJkcoQricOIQxiZY1iaX5l9P8KRXFx126MRXYhV7L9j2g:WJZoQrbTFZY1iaX3x8+xAKhN97
Score

10^/10

formbook e62s discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooke62sdiscoveryratspywarestealertrojan

behavioral2

formbooke62sdiscoveryratspywarestealertrojan