formbook

General

Target

8e19bbaa0d533f50d2b7c9013955c07772e752b0751ec30e73a36b792bdf4adc.exe
Size

735KB
Sample

241102-g9dv3szeme
MD5

6583b31c04382b454584d574e9f72ee3
SHA1

b17ff02e8c94f1686e5603bc6f4cc9da4b9d5693
SHA256

8e19bbaa0d533f50d2b7c9013955c07772e752b0751ec30e73a36b792bdf4adc
SHA512

e7bb0c31ea55c905f7a0e770ee6a3f59e2a41251a202bbff7d3d391d13ea50ee4a6a1f7b76eddfa631b086508ad536a1ed2392229bd314812dd8c80981514ea2
SSDEEP

12288:Kn9InteusjOXxpPOleIztNLIzJkrB9aHVWk0KiuaJ+mabxJcNFJS53BOj+iU2/Q0:KJoLGsytwJuraB0KiuaJC8XC3EE2o4JF

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pa12

Decoy

ouse-lbujyz.xyz

isterbims.net

oditelskii-spravki.top

ight-bloj.xyz

ocztapolskaws.pics

atzenbeekmanbekiss.cfd

4nvn55.top

ore-rmwtp.xyz

cutes.xyz

anhandleherald.xyz

aomei507.top

ffableeffumeegglike.cfd

4o2v3yp.top

thers-deaax.xyz

tpbp-mouth.xyz

orgers.services

artinhaustusheisson.shop

tki-environmental.xyz

xplindep.website

uiadeouro.shop

Targets

- Target
  
  8e19bbaa0d533f50d2b7c9013955c07772e752b0751ec30e73a36b792bdf4adc.exe
- Size
  
  735KB
- MD5
  
  6583b31c04382b454584d574e9f72ee3
- SHA1
  
  b17ff02e8c94f1686e5603bc6f4cc9da4b9d5693
- SHA256
  
  8e19bbaa0d533f50d2b7c9013955c07772e752b0751ec30e73a36b792bdf4adc
- SHA512
  
  e7bb0c31ea55c905f7a0e770ee6a3f59e2a41251a202bbff7d3d391d13ea50ee4a6a1f7b76eddfa631b086508ad536a1ed2392229bd314812dd8c80981514ea2
- SSDEEP
  
  12288:Kn9InteusjOXxpPOleIztNLIzJkrB9aHVWk0KiuaJ+mabxJcNFJS53BOj+iU2/Q0:KJoLGsytwJuraB0KiuaJC8XC3EE2o4JF
Score

10^/10

formbook pa12 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2