formbook

General

Target

QUOTEQUG24-200370054200518.rar
Size

723KB
Sample

241003-lp3e6awerr
MD5

cd2db8eb4423cab5c60656230b2b9ab2
SHA1

a2314cfc59280be2f027ccab6eb3e81db06ad964
SHA256

2a0523f8f332eaf98f9c1ed696a22f710bf76eaa6cff8fa37a7905e3ce302393
SHA512

1bf95aedb71a107e434e21e96a820f9f261a4d8031433017ce1d1326c75d6821e2cf1efcfabf94e02109e5c4c10d2107543a6ff4054d0409d01d7afdc0275ce1
SSDEEP

12288:+7QWFPlFfYcpMXcmzHcJdWffKi6jeEOGbyYogrbpn0sSYLuBgbu/i:JWdo3HcPFiTE83+jf6ri

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

e62s

Decoy

ellinksa.shop

uckyspinph.xyz

owdark.net

arriage-therapy-72241.bond

w7ijko4rv4p97b.top

heirbuzzwords.buzz

aspart.shop

ctivemail5-kagoya-com.info

shacertification9.shop

zitcd65k3.buzz

llkosoi.info

ru8.info

rhgtrdjdjykyetrdjftd.buzz

yschoollist.kiwi

oftfolio.online

rograma-de-almacen-2.online

oudoarms.top

mwquas.xyz

orjagaucha.website

nlinechat-mh.online

Targets

- Target
  
  QUOTE QUG24-200370054200518.exe
- Size
  
  1.1MB
- MD5
  
  624524a11876131a018ef46266abb555
- SHA1
  
  1abdebb3babdbb85b62966c70f3d4c340c640e81
- SHA256
  
  3d1cf93ee455b1bc9b763591e1be54ec17e4a8cb814a8be59270e72727f11c53
- SHA512
  
  a194e9cce840451e881ef483906fa93df9f54f41f189f220e3332fde27f76c76b280ad31a99eccacaf990c5abf0937aaf85af87dcc9c3dab1f7b7ec45fd3b2fa
- SSDEEP
  
  12288:JLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QNJLlZ6TZLCLQY7tJailcTqhZU5xCWJ4:NfmMv6Ckr7Mny5QNJ6ALQYSiluzVG
Score

10^/10

formbook e62s discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2