formbook

General

Target

03102024_0316_02102024_Bonifico 1022024pdf.zip
Size

653KB
Sample

241003-ds2c9swajd
MD5

070f413dee83f452f0c30de804c2b294
SHA1

bc9258a06d2e42eff79d5429ffe2627595d46603
SHA256

750bf9a5198ce7678144a70fb4648201646b690cec13b26cf8e16dba5eead94c
SHA512

8540e945cf3eb8231140763a1c3bff750c14aad0a3ba12646ca8419d896dbd791cfebfbd88a9bbbad532d5b66f1a0063fcf8c4351f499dd10785d541b21db76d
SSDEEP

12288:LvCvZqhH4xGcIKho8cGZOLmBE6tlNuMnrZbm3pri5kAehEIWYLStLc:LvQLGcPhwGZmmBE6XN/nrZbmID3IWLc

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

e23y

Decoy

stiloeconforto.shop

79nn470gl.autos

ffg.autos

elix-saaac.buzz

tlasbet88win.sbs

inoliga.app

777.fun

avada-ga-3.press

avandakitchen.online

61ep864tr.autos

igitalonlineseva.online

ar-deals-15908.bond

sqqpkv.pro

368i8rnoy.xyz

lxspinsenin.lol

9y204r7eo.sbs

toptalkingaboutit.net

eeplab.xyz

filmyhit.vip

athroom-remodeling-59089.bond

Targets

- Target
  
  Bonifico 1022024pdf.exe
- Size
  
  1.1MB
- MD5
  
  18f39b782ff2ccc5577ed1430864f804
- SHA1
  
  36ef1ff204f6e51e3596daef3bcd3412c14cbe08
- SHA256
  
  6706e7c66c6eecb08ddc9631e077c73f82aafdbe39faa47a3cf82812594bcd8b
- SHA512
  
  b1f716d836ed43fa622f078e32239995dac0ad80a67a9668e76d529968f4afaaea6a859960dcc78f267e68d245f0d1210b1cc2a9f08a260362d7f4d481e6d473
- SSDEEP
  
  24576:lAHnh+eWsN3skA4RV1Hom2KXMmHaGSbYCVZGWbZ5:Uh+ZkldoPK8YaGSECD7H
Score

10^/10

formbook e23y discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2