formbook

General

Target

488b644255f4294a44d23f772b4ce5d9cf79d4ec26247a00721b22e19389e11c
Size

760KB
Sample

241008-jexe2szanh
MD5

05b29b5b5b6aa2cc033b31cc9ba37fd8
SHA1

398f0b0f44560a518076d8d8650d5acb2039b1eb
SHA256

488b644255f4294a44d23f772b4ce5d9cf79d4ec26247a00721b22e19389e11c
SHA512

e09536b83b72592568f79e6a55e9649093c13c1163aae1d4a175d9921d89156158368e4cccfd5020c1a99ab2666dd445ee383725bdf77beb7a10e7a01c3ee17b
SSDEEP

12288:UgUt62HVEkfK9rRF8BW5+PaBM17GbOw1vY+DG1JZXC62zkDzCs/kcfaIIgmTh:UrjfYFcMvM4JvY/XplCkVzqh

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ge07

Decoy

mail-marketing2-9946168.live

ouwmijnweb.net

verythingmars.online

rgqhcy.shop

unter-saaaa.buzz

ox.bio

arkside.top

ransportationmmsktpro.top

lue-ocean-bar.group

lympiccat.xyz

onstruction-jobs-49170.bond

andon-saaab.buzz

fdmw.sbs

48430091.top

yuyh.boats

kyt968.shop

pismedical.shop

ocialmediafactory.xyz

inussofa.shop

ision.fit

Targets

- Target
  
  OVERDUE INVOICE.exe
- Size
  
  1.0MB
- MD5
  
  6ed07d07cf776b88070683adbe3b6668
- SHA1
  
  6cb4702a3d0eb3f9887b62838772f6f432451caa
- SHA256
  
  97b4ba35c6feaccb928d2a4921d3f852ca36e70c851fc5edb7ae651efb2a1d61
- SHA512
  
  27dd5bdf36658c359317812a0ba16ead05991eadf02067831d3278eafa61f197407f1d12bb149dd9c4605afbd8470918d8e53b5595e2e5fdeeaa4c538b5e4c1d
- SSDEEP
  
  12288:rLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QLJkbOe1vYUdm1JFXC6qzkdzCs3kcZaf:ffmMv6Ckr7Mny5QLaJvYDXpXCivzXm
Score

10^/10

formbook ge07 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2