formbook

General

Target

e27078836cee5587e510d1fa30b897c3496533dc4de02006d61ba4189f02802f.iso
Size

1.6MB
Sample

241030-d8cpvaxkgn
MD5

b1f77b5da93b1b37a82e23f9f6d3267c
SHA1

58169c8885c0ea12ca711708dc7c14b869588697
SHA256

e27078836cee5587e510d1fa30b897c3496533dc4de02006d61ba4189f02802f
SHA512

cd8ee70e5453fd0a02626e373faaf2ed6f076a3eed64af8f04602d8d9cf88ad63a126c529dd3fcb1bad4fa9fd7519a51d649bc296fb766833d15fc690c141160
SSDEEP

24576:8fmMv6Ckr7Mny5Qs7C5C3iYyvKoBn/9b47mJqfK:83v+7/5Qs7BiH5l1q4qf

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ee25

Decoy

eefnoodle.top

arketlivanty.store

lleranum.report

uperpotencias4.site

ab1nsf97yl.top

imselfcare.store

tupidmoney.top

4e5jys.top

ellcat.xyz

plantboxs.store

heivyoxbridge.store

00800.vip

nline-advertising-97785.bond

ndersoncarvalho.xyz

anjaexpert.makeup

scoedit.care

onstruction-jobs-99671.bond

adine-la-lourde.fun

lluminatilord.online

kkr.top

Targets

- Target
  
  Order Inquiry No TM05-Q2-1024.scr
- Size
  
  1.0MB
- MD5
  
  2308945a05f8bd962152fbe15a6f6d03
- SHA1
  
  6c00121ecdcd68f9aace9370a33fa18b4105abb5
- SHA256
  
  f9b51d26f30902c804cf7df4aea874a91fc6858d1e3a3bb38708d78bc8e1c12f
- SHA512
  
  0610a394ee8e0e39b096fb4e2452ed4416ed800bcb6dba80eba481083680f358c88e8eb38228d8ae0edd8533f1fb6b7e53da2a02435068e25bc8fafaaf102436
- SSDEEP
  
  24576:KfmMv6Ckr7Mny5Qs7C5C3iYyvKoBn/9b47mJqfKT:K3v+7/5Qs7BiH5l1q4qfm
Score

10^/10

formbook ee25 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2