formbook

General

Target

fc117f10fec938fc5983ad960142b3dafdc946dee592d13a37c6f21aee2618fc.exe
Size

605KB
Sample

241017-c3jqjaxhrg
MD5

02f965a386a4d013fd3797e60b7bfb74
SHA1

2232f1b561c50a1c33ff1f282e198e3de978001f
SHA256

fc117f10fec938fc5983ad960142b3dafdc946dee592d13a37c6f21aee2618fc
SHA512

6e10046bd2c9c830b5534032e9b2205c313c8e5fd7939e039586286c97d63b1fd36565942d5811c0831a598e8e37738abc648db4b203bd85642fb70cd38408d2
SSDEEP

12288:wkRybL6s+wv7eIxTJk6KysPepbTI2iNqcQdAY+oIlf9loFiWKsQ:zRU6s+wyIpqbPexTI2vTV+df9WrK

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ms84

Decoy

ecurity-ukgaxq.xyz

45ee.top

risiddivinayaka.net

tizip-skill.xyz

ostcanadantet.top

764.xyz

oco188rtp.xyz

lobalacessory.shop

qcq-serve.xyz

dameth.top

arge-eycert.xyz

yzwj-she.xyz

bgfrp-plant.xyz

emesiartwork.net

rcw-hotel.xyz

loor-dfqzpi.xyz

vidence-zvkkln.xyz

oisthuchoyarura.shop

959108ttltxfm842.top

apzcc-both.xyz

Targets

- Target
  
  fc117f10fec938fc5983ad960142b3dafdc946dee592d13a37c6f21aee2618fc.exe
- Size
  
  605KB
- MD5
  
  02f965a386a4d013fd3797e60b7bfb74
- SHA1
  
  2232f1b561c50a1c33ff1f282e198e3de978001f
- SHA256
  
  fc117f10fec938fc5983ad960142b3dafdc946dee592d13a37c6f21aee2618fc
- SHA512
  
  6e10046bd2c9c830b5534032e9b2205c313c8e5fd7939e039586286c97d63b1fd36565942d5811c0831a598e8e37738abc648db4b203bd85642fb70cd38408d2
- SSDEEP
  
  12288:wkRybL6s+wv7eIxTJk6KysPepbTI2iNqcQdAY+oIlf9loFiWKsQ:zRU6s+wyIpqbPexTI2vTV+df9WrK
Score

10^/10

formbook ms84 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2