formbook

General

Target

d72e2b372f10ca73099c02fedf3506ba76ba2aae1719f5bce7c7781454d1eace.exe
Size

556KB
Sample

241018-dcl9eawarn
MD5

f5ae864c7ebe0d68fb375cde32d490c7
SHA1

07858d5fd907b24c36ab941b55627bb2055640b5
SHA256

d72e2b372f10ca73099c02fedf3506ba76ba2aae1719f5bce7c7781454d1eace
SHA512

3ef4983039a8e2fd7bb5e61587573c90a8eb4e32fd5a4f546ff2ff3d868c1451a4b0668c8b9e8908004ffee122d4c467af4a69eb3425f08e486e4d60de3a11ed
SSDEEP

12288:RxUSlWi4Vdo8XVibatBie7RiTpTuJ3+LVWWL9kZX2cCUHN6L:R5Exfo8XpBlliThu5+LVrkZGcCZ

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dn13

Decoy

5q53s.top

f9813.top

ysticsmoke.net

ignorysingeysquints.cfd

yncsignature.live

svp-their.xyz

outya.xyz

wlkflwef3sf2wf.top

etterjugfetkaril.cfd

p9eh2s99b5.top

400108iqlnnqi219.top

ynsu-condition.xyz

ndividual-bfiaen.xyz

anceibizamagazine.net

itrussips.live

orkcubefood.xyz

lindsandfurnishings.shop

ajwmid.top

pigramescentfeatous.shop

mbvcv56789.click

Targets

- Target
  
  d72e2b372f10ca73099c02fedf3506ba76ba2aae1719f5bce7c7781454d1eace.exe
- Size
  
  556KB
- MD5
  
  f5ae864c7ebe0d68fb375cde32d490c7
- SHA1
  
  07858d5fd907b24c36ab941b55627bb2055640b5
- SHA256
  
  d72e2b372f10ca73099c02fedf3506ba76ba2aae1719f5bce7c7781454d1eace
- SHA512
  
  3ef4983039a8e2fd7bb5e61587573c90a8eb4e32fd5a4f546ff2ff3d868c1451a4b0668c8b9e8908004ffee122d4c467af4a69eb3425f08e486e4d60de3a11ed
- SSDEEP
  
  12288:RxUSlWi4Vdo8XVibatBie7RiTpTuJ3+LVWWL9kZX2cCUHN6L:R5Exfo8XpBlliThu5+LVrkZGcCZ
Score

10^/10

formbook dn13 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2