formbook | c0e855dd6adbc1c592518bf09966e6240217b8445b2521a6d189e20bfafdff16 | Triage

Sharing

General

Target

c0e855dd6adbc1c592518bf09966e6240217b8445b2521a6d189e20bfafdff16
Size

793KB
Sample

241002-b5vp5s1dmj
MD5

6243d067a73169cebb23d0f78c149eeb
SHA1

373a80fb1c3fe0ac14857700ffc61f87cff13e91
SHA256

c0e855dd6adbc1c592518bf09966e6240217b8445b2521a6d189e20bfafdff16
SHA512

cfb4736fe0e2c9fa57a5c2afd0c5cef5c0ed35f13e0f9d5e8877eefdeaaee974d2cab42575341b1dbc93b5cf89944eab1dcbcdd6c14c81baef59b6775e3056b0
SSDEEP

12288:vgUt62HVEkfK9rRF8BW5+PaBMEiyM9tGCPQatzsFlpS7C4dQaDciAt:vrjfYFcMvMB9tGCP55sFlk5dQaoiAt

Score

10^/10

formbook c24t discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c24t

Decoy

ealthbridgeccs.online

ngelicais.art

uktuksu1.sbs

fapoker.asia

hecreature.tech

orenzoplaybest14.xyz

op-smartphones-deal.today

delark.click

7395.asia

otnews.cfd

j16e.xyz

oko.events

fscxb.top

roudtxliberals.vote

asas-br.bond

ourhealthyourlife.shop

fbpd.top

j9u9.xyz

uijiuw.top

aming-chair-37588.bond

Targets

- Target
  
  NEW PO - 24101.exe
- Size
  
  1.1MB
- MD5
  
  2101224c25b008724832b22df4b2f33f
- SHA1
  
  1ab2163ad4933dfa6e9b7c9809bdd47f0d3f8ed1
- SHA256
  
  ed3c955db72dc944a905068be7dc2c7668c4de73be2c5efe3307b16e60e901a3
- SHA512
  
  c0d9f0a4294e06d25d7f94efe1ea82d4c98a2500abd1174d5979f97f8a0b01ac24a256d468b39609356a313521866942ba596012e34bc7f2b00dd7a8e6f77a3e
- SSDEEP
  
  24576:ffmMv6Ckr7Mny5QLP9dGCLj5+F3kJnwahiA1:f3v+7/5QLP9dDLj5Q0VXh31
Score

10^/10

formbook c24t discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookc24tdiscoveryratspywarestealertrojan

behavioral2

formbookc24tdiscoveryratspywarestealertrojan