formbook

General

Target

RFQ232110.exe
Size

665KB
Sample

241008-hn8n1axeqf
MD5

d57281188377857e91520a46ad75a1d8
SHA1

2b99fd634fde701062cb163bfdc5c410a872e50f
SHA256

e1902171c2bba8b0280e747ec2457209c1b32bf899d85f241c2993fdcba1ac31
SHA512

89f5424a818efd91c13acb7f38c3a9b0d1959abada6e5aba96dec591b1ce275cac26b00a94371f7fe90d1f250b9370ac089c0253392eda96fa9e11d032868719
SSDEEP

12288:mLNhkYRig7eFSYOErtXYHaVely7tpdV84KkRfAovmE:SHag7WnvhDT7L84Kb5E

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cu29

Decoy

qidr.shop

usinessaviationconsulting.net

68716329.xyz

nd-los.net

ealthironcladguarantee.shop

oftware-download-69354.bond

48372305.top

omeownershub.top

mall-chilli.top

ajakgoid.online

ire-changer-53482.bond

rugsrx.shop

oyang123.info

azino-forum-pro.online

817715.rest

layman.vip

eb777.club

ovatonica.net

urgaslotvip.website

inn-paaaa.buzz

Targets

- Target
  
  RFQ232110.exe
- Size
  
  665KB
- MD5
  
  d57281188377857e91520a46ad75a1d8
- SHA1
  
  2b99fd634fde701062cb163bfdc5c410a872e50f
- SHA256
  
  e1902171c2bba8b0280e747ec2457209c1b32bf899d85f241c2993fdcba1ac31
- SHA512
  
  89f5424a818efd91c13acb7f38c3a9b0d1959abada6e5aba96dec591b1ce275cac26b00a94371f7fe90d1f250b9370ac089c0253392eda96fa9e11d032868719
- SSDEEP
  
  12288:mLNhkYRig7eFSYOErtXYHaVely7tpdV84KkRfAovmE:SHag7WnvhDT7L84Kb5E
Score

10^/10

formbook cu29 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Uses the VBS compiler for execution

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2