formbook

General

Target

db32917171cc878328cc86ce2ef69bc1c7bfbc128bcd45de81bef7d8fffbc832
Size

802KB
Sample

240930-vqrvgszgqg
MD5

a9d41260f057082287e0b806ba375118
SHA1

8b7c4d9626e546c2b009462d6226a174d5a8e7ec
SHA256

db32917171cc878328cc86ce2ef69bc1c7bfbc128bcd45de81bef7d8fffbc832
SHA512

521b200e5c3911d751e8fa26b6670edafee4f812e3e0f29eecf6af4733695a8d39c9d9370966ef6082fe9af67dd3d47d3a3cc07232427ae8e11c5b45185a7668
SSDEEP

24576:DYtaRE1WAkky2CmwTAjjdRJL3GExSR5BrXRg1:DYt9z4HRTAPd7iExSJri1

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

e62s

Decoy

ellinksa.shop

uckyspinph.xyz

owdark.net

arriage-therapy-72241.bond

w7ijko4rv4p97b.top

heirbuzzwords.buzz

aspart.shop

ctivemail5-kagoya-com.info

shacertification9.shop

zitcd65k3.buzz

llkosoi.info

ru8.info

rhgtrdjdjykyetrdjftd.buzz

yschoollist.kiwi

oftfolio.online

rograma-de-almacen-2.online

oudoarms.top

mwquas.xyz

orjagaucha.website

nlinechat-mh.online

Targets

- Target
  
  PO 5904318664.exe
- Size
  
  1.1MB
- MD5
  
  6f2d96ba0d4390c620690fc4178253fb
- SHA1
  
  b0db06e17e4fd85b82aa6c36c2f924ae82a30e93
- SHA256
  
  d7b29a7bc7f922835157f0baaa0b8ad4804f8929d8d0606c214eb82803cab1dd
- SHA512
  
  17815d4aa738770b2b2c9ba838d99cd5056ad53e4045bd0091f4f3f3421bafb5a787e9ba062a04bef0a2f0c1408e7b44ad5e6fe353b1c1bcba51cec3767c61c1
- SSDEEP
  
  24576:ffmMv6Ckr7Mny5QLnzObQ1VrfIikdtJ8w143hd:f3v+7/5QLnC8PriB8CU
Score

10^/10

formbook e62s discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2