formbook

General

Target

02102024020501102024NewOrder6023095840024.rar
Size

725KB
Sample

241002-jp6rgavemn
MD5

a33d70a4c3f2b97f455e06283719c628
SHA1

cd99c70cb51efaf545eb2782af5727b5c0ca86f5
SHA256

a31973d4c397bd29577fa5d2a0396cf7056b6a50c1d324c1dd0a3f09536755b7
SHA512

4ed98c068d19d637d7b9a960ee8f39ef8ff59e8dd565c3bbec88ed04cdc15dfa54417573358fe3422baa8f613f38d07e61c1f5a3fe14e1745ba1eae695d72c6e
SSDEEP

12288:cCmzfwJimOfoMMXccopeIAoNqwM9KbrJS4vwPfZ9OoZA3Q9ps77dgAS9:cNwJimOAvYpeIXSWFqfZXW8u93S9

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

e62s

Decoy

ellinksa.shop

uckyspinph.xyz

owdark.net

arriage-therapy-72241.bond

w7ijko4rv4p97b.top

heirbuzzwords.buzz

aspart.shop

ctivemail5-kagoya-com.info

shacertification9.shop

zitcd65k3.buzz

llkosoi.info

ru8.info

rhgtrdjdjykyetrdjftd.buzz

yschoollist.kiwi

oftfolio.online

rograma-de-almacen-2.online

oudoarms.top

mwquas.xyz

orjagaucha.website

nlinechat-mh.online

Targets

- Target
  
  New Order#60-23095840024.exe
- Size
  
  1.0MB
- MD5
  
  008540d661e0d48291a28ac5367b74c1
- SHA1
  
  76c2fc64f94ca2cf60660c153f786973ddba8dc7
- SHA256
  
  32e3469ebd2aeebb14ba72ea6f6425ae7588c24c451bd9e1bba7003b83f74363
- SHA512
  
  33ba3bd35eb04a275618e4b365b66893805afc8ea8c9a70e845b5555cf21519b8251ef2d9a9e0bdc46c1ac1032f5a3442ba9a5b4d9c599e8f819c1bce741244b
- SSDEEP
  
  24576:KfmMv6Ckr7Mny5Qtijlv/HWWqNWx0/nhEp:K3v+7/5QtaNqYxShg
Score

10^/10

formbook e62s discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2