formbook

General

Target

New Order 72821.exe
Size

1.1MB
Sample

241015-e7n7xsyhkp
MD5

10cf450b636e10f0b7552e444f102581
SHA1

b056243b2117e97bd4934c7a953283db26d48168
SHA256

a4ee829bdcac8446c8ac67b09901138f2510a46804d39c380228ddeea3d2e093
SHA512

44ddb50c1531429c77a2384835e21f564d2f5f9cb01d0398e5aca9da8e2f3596354ed0ed8f13f6a1ad80662862e53aac44e685034a596b929a6c002aab7c6c90
SSDEEP

24576:ffmMv6Ckr7Mny5QLryhbVW5Zq/ReHShY8Y:f3v+7/5QLwgv

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ge07

Decoy

amyard.shop

eloshost.xyz

g18q11a.top

orensic-vendor-735524320.click

ithin-ksvodn.xyz

xhyx.top

elonix-traceglow.pro

cillascrewedsedroth.cfd

wner-nyquh.xyz

reyhazeusa.shop

esmellretaperetotal.cfd

hqm-during.xyz

pipagtxcorrelo.xyz

lray-civil.xyz

apybarameme.xyz

rbuds.shop

hild-fcudh.xyz

rkgexg.top

estwestcottwines.shop

giyztm.xyz

Targets

- Target
  
  New Order 72821.exe
- Size
  
  1.1MB
- MD5
  
  10cf450b636e10f0b7552e444f102581
- SHA1
  
  b056243b2117e97bd4934c7a953283db26d48168
- SHA256
  
  a4ee829bdcac8446c8ac67b09901138f2510a46804d39c380228ddeea3d2e093
- SHA512
  
  44ddb50c1531429c77a2384835e21f564d2f5f9cb01d0398e5aca9da8e2f3596354ed0ed8f13f6a1ad80662862e53aac44e685034a596b929a6c002aab7c6c90
- SSDEEP
  
  24576:ffmMv6Ckr7Mny5QLryhbVW5Zq/ReHShY8Y:f3v+7/5QLwgv
Score

10^/10

formbook ge07 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2