formbook

General

Target

ebddd04d90d5317ac06e4a5515143c6b130a45d2c328c115f3ee37d1eb665c0c.exe
Size

1.1MB
Sample

241009-mr866a1crm
MD5

3f0068b95be434b5a808526fabfad3c2
SHA1

17caf9d7f313976a32d32dd91a5d67456a19652f
SHA256

ebddd04d90d5317ac06e4a5515143c6b130a45d2c328c115f3ee37d1eb665c0c
SHA512

32a59eed3d5084bc1e1a5f411fec9876b10d07e97d286abb3463f27b9e34663f5995962ce694e97900bfe72a831fde1faf0c519df92d3783dd87cf5087447e10
SSDEEP

24576:LRmJkcoQricOIQxiZY1WNygPZNHYz6Glk3oCb+:IJZoQrbTFZY1WNyI3i60k4l

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c89p

Decoy

ftersaleb.top

dcustomdesgins.net

ostbet2024.live

rhgtrdjdjytkyhretrdjfytd.buzz

atauniversity.tech

idoctor365.net

x-design-courses-29670.bond

ellowold-pc.top

ransportationmmsytpro.top

areerfest.xyz

artiresbah-in.today

ijie.pro

torehousestudio.info

69-11-luxury-watches.shop

earing-tests-44243.bond

hits.shop

hzl9.bond

lood-test-jp-1.bond

livialiving.online

usymomsmakingmoney.online

Targets

- Target
  
  ebddd04d90d5317ac06e4a5515143c6b130a45d2c328c115f3ee37d1eb665c0c.exe
- Size
  
  1.1MB
- MD5
  
  3f0068b95be434b5a808526fabfad3c2
- SHA1
  
  17caf9d7f313976a32d32dd91a5d67456a19652f
- SHA256
  
  ebddd04d90d5317ac06e4a5515143c6b130a45d2c328c115f3ee37d1eb665c0c
- SHA512
  
  32a59eed3d5084bc1e1a5f411fec9876b10d07e97d286abb3463f27b9e34663f5995962ce694e97900bfe72a831fde1faf0c519df92d3783dd87cf5087447e10
- SSDEEP
  
  24576:LRmJkcoQricOIQxiZY1WNygPZNHYz6Glk3oCb+:IJZoQrbTFZY1WNyI3i60k4l
Score

10^/10

formbook c89p discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2