formbook

General

Target

d6254ba7494dc16f4b33c879f44fda381215ce53c01319e45f97a2b661e11cc2.exe
Size

1.1MB
Sample

241026-dcd8ssydmc
MD5

4683e61354548cd31101748ba961519f
SHA1

cdbaf6f43df1dfdc3a01e22e3b23637a52489be4
SHA256

d6254ba7494dc16f4b33c879f44fda381215ce53c01319e45f97a2b661e11cc2
SHA512

056de8a362a1450b8053ad7af3b59572ef4b527b60485e50b37826a5712d17f80b5ab8c93c4eb0af9bd34bc6d8302367380098e96611107f93ba0729bde96f78
SSDEEP

12288:rLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QLoRrvtAqY5APCxb5wvixoE5t+Krayye:ffmMv6Ckr7Mny5QLoxIWPQ5V2WtJnZJ

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

f29s

Decoy

rostnixon.net

exxxwordz.xyz

ndradesanches.shop

eneral-vceef.xyz

isanbowl.top

aresrasherregard.cfd

dzas-yeah.xyz

0083.miami

hongziyin01.top

jdhfmq.live

alembottling.net

vtyo-phone.xyz

kaqb-decade.xyz

odel-lsmfz.xyz

aradise.tech

uan123-rtp43.xyz

pusptracking.xyz

uqhi42.xyz

mihy-professor.xyz

mnz-your.xyz

Targets

- Target
  
  d6254ba7494dc16f4b33c879f44fda381215ce53c01319e45f97a2b661e11cc2.exe
- Size
  
  1.1MB
- MD5
  
  4683e61354548cd31101748ba961519f
- SHA1
  
  cdbaf6f43df1dfdc3a01e22e3b23637a52489be4
- SHA256
  
  d6254ba7494dc16f4b33c879f44fda381215ce53c01319e45f97a2b661e11cc2
- SHA512
  
  056de8a362a1450b8053ad7af3b59572ef4b527b60485e50b37826a5712d17f80b5ab8c93c4eb0af9bd34bc6d8302367380098e96611107f93ba0729bde96f78
- SSDEEP
  
  12288:rLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QLoRrvtAqY5APCxb5wvixoE5t+Krayye:ffmMv6Ckr7Mny5QLoxIWPQ5V2WtJnZJ
Score

10^/10

formbook f29s discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2