formbook

General

Target

09102024_1019_08102024_RFQ232110.pdf.z
Size

590KB
Sample

241009-mczn6syfjp
MD5

61af8e0b44864243131c4614d1efb00f
SHA1

ecd4aa0fbf84567617fe2857bddf4b8347bbfbec
SHA256

1b086a52b64bdeb68a4b45fdfeb8eab59403fcb90cc2383b13ff5c8d4b7ab256
SHA512

ebd3e8e9e1bc27ce99cd108b1c7bc9cf57482f7c0dcdff008ff123f054b495ab82553026e066aa3d6c24db53387b7849c75cc859127a97ea7ca4b2ac80f22fc3
SSDEEP

12288:NVG40nP87g8DZfhtXixYvdKqjbEK3po+mF3qh0WiIGdly:Nk4+8hhRWsNjt3po+mRqhboy

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cu29

Decoy

qidr.shop

usinessaviationconsulting.net

68716329.xyz

nd-los.net

ealthironcladguarantee.shop

oftware-download-69354.bond

48372305.top

omeownershub.top

mall-chilli.top

ajakgoid.online

ire-changer-53482.bond

rugsrx.shop

oyang123.info

azino-forum-pro.online

817715.rest

layman.vip

eb777.club

ovatonica.net

urgaslotvip.website

inn-paaaa.buzz

Targets

- Target
  
  RFQ232110.exe
- Size
  
  665KB
- MD5
  
  d57281188377857e91520a46ad75a1d8
- SHA1
  
  2b99fd634fde701062cb163bfdc5c410a872e50f
- SHA256
  
  e1902171c2bba8b0280e747ec2457209c1b32bf899d85f241c2993fdcba1ac31
- SHA512
  
  89f5424a818efd91c13acb7f38c3a9b0d1959abada6e5aba96dec591b1ce275cac26b00a94371f7fe90d1f250b9370ac089c0253392eda96fa9e11d032868719
- SSDEEP
  
  12288:mLNhkYRig7eFSYOErtXYHaVely7tpdV84KkRfAovmE:SHag7WnvhDT7L84Kb5E
Score

10^/10

discovery formbook cu29 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

2

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Uses the VBS compiler for execution

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2