formbook

General

Target

z52Overdue_Statement_Invoice24130084_pdf.exe
Size

1.1MB
Sample

241025-pr95kazfrn
MD5

d5dc631fd513e813539b6f146eee3a7a
SHA1

d677fdc8b5df662a94d5a70b96cd564dad058c51
SHA256

f9264179af743b510f7158e518141c28d4e0132591f3dfb360a2b1277180dc7e
SHA512

7ae9b889de2bd0d2c51e65825db33bf07df42bfb87abc822911f199c8024e1069b76030743b4c239b607c89e57c6f45d1fa8091dfc1017c9fe399bc6074b5fa9
SSDEEP

24576:ffmMv6Ckr7Mny5QLP/avBgIDjD9Nt92vLIxTcL:f3v+7/5QLn+gIDjn2vLOTcL

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

f29s

Decoy

rostnixon.net

exxxwordz.xyz

ndradesanches.shop

eneral-vceef.xyz

isanbowl.top

aresrasherregard.cfd

dzas-yeah.xyz

0083.miami

hongziyin01.top

jdhfmq.live

alembottling.net

vtyo-phone.xyz

kaqb-decade.xyz

odel-lsmfz.xyz

aradise.tech

uan123-rtp43.xyz

pusptracking.xyz

uqhi42.xyz

mihy-professor.xyz

mnz-your.xyz

Targets

- Target
  
  z52Overdue_Statement_Invoice24130084_pdf.exe
- Size
  
  1.1MB
- MD5
  
  d5dc631fd513e813539b6f146eee3a7a
- SHA1
  
  d677fdc8b5df662a94d5a70b96cd564dad058c51
- SHA256
  
  f9264179af743b510f7158e518141c28d4e0132591f3dfb360a2b1277180dc7e
- SHA512
  
  7ae9b889de2bd0d2c51e65825db33bf07df42bfb87abc822911f199c8024e1069b76030743b4c239b607c89e57c6f45d1fa8091dfc1017c9fe399bc6074b5fa9
- SSDEEP
  
  24576:ffmMv6Ckr7Mny5QLP/avBgIDjD9Nt92vLIxTcL:f3v+7/5QLn+gIDjn2vLOTcL
Score

10^/10

formbook f29s discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2