formbook

General

Target

Transaction_Details_[ReferenceID].pdf.zip
Size

841KB
Sample

241025-mchqnaygkq
MD5

fcec7964b463028fd4fdd580ba4df6e7
SHA1

53584f3f5a395a5288d68002332f808a355437d6
SHA256

7a245899bc2ba442aec872ea6493dd56da84ed735d5ddf06fd70796c2472f124
SHA512

b47cdc92e27e2e27401774505813069e328050821f3e93d1128f3c5b8584252adc9fbd24e7b0e1838c3366cf437c9aca7499c35df0fdff9a8da4d968bb97eada
SSDEEP

12288:kyjvYeNPKX+wRi6gwKtKcNiuJH5swsrIaOfJ2o2j9KjYhxtC8LIvu8xbdmlw:kyDYeJT6hKriuJHl7Io2j99vIvlbcm

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

f29s

Decoy

rostnixon.net

exxxwordz.xyz

ndradesanches.shop

eneral-vceef.xyz

isanbowl.top

aresrasherregard.cfd

dzas-yeah.xyz

0083.miami

hongziyin01.top

jdhfmq.live

alembottling.net

vtyo-phone.xyz

kaqb-decade.xyz

odel-lsmfz.xyz

aradise.tech

uan123-rtp43.xyz

pusptracking.xyz

uqhi42.xyz

mihy-professor.xyz

mnz-your.xyz

Targets

- Target
  
  Transaction_Details_[ReferenceID].pdf.exe
- Size
  
  1.2MB
- MD5
  
  5513c53ff0ac4a880b5a35ceb8b7cb1c
- SHA1
  
  7bc81330e32d49af2689f81152d2cd696c99c6be
- SHA256
  
  1c8de42bff76a20cdaee2bed7629f8f0dfcf4ab5c7b5ee637d147f6f45311015
- SHA512
  
  f40b441c78ef38bfcf051c3626cf98055d5e5dca9c3fd56dd5b441411dbdefac74d63627233fb1965a3fab4e1a30773f60fbf16eaf83b1a71afe7ed6cb0b9c39
- SSDEEP
  
  12288:LLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QHCVvs1IyOft2m2L9ajYhHti8LIva8xi:/fmMv6Ckr7Mny5QHkzzcm2L9NJIvRbsT
Score

10^/10

formbook f29s discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2