formbook

General

Target

6583b31c04382b454584d574e9f72ee3.bin
Size

615KB
Sample

241103-bqhr2atnep
MD5

55bb427cd2cae144e9b0652e229b4cde
SHA1

d45d107db42eecd923cd79f129a3338abab1726b
SHA256

5a11ba94b03c04c13e5c2f9541a336c44afd98352c266c71eaf220015d30271e
SHA512

8f2e3f03e194df380529fa7e8b2f23e03c35778039bd5cfc1b9b568ca0ef5b9d28b70c8ab573a5ebaea663bfc57a8970dea1a8df5f50692f315b0ef8c7730b3c
SSDEEP

12288:MqX8q38jfKxLaBpFn+IkomUSsMaZj4+X7P+xGCiHh:FsrhkcxZ08CGtB

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pa12

Decoy

ouse-lbujyz.xyz

isterbims.net

oditelskii-spravki.top

ight-bloj.xyz

ocztapolskaws.pics

atzenbeekmanbekiss.cfd

4nvn55.top

ore-rmwtp.xyz

cutes.xyz

anhandleherald.xyz

aomei507.top

ffableeffumeegglike.cfd

4o2v3yp.top

thers-deaax.xyz

tpbp-mouth.xyz

orgers.services

artinhaustusheisson.shop

tki-environmental.xyz

xplindep.website

uiadeouro.shop

Targets

- Target
  
  8e19bbaa0d533f50d2b7c9013955c07772e752b0751ec30e73a36b792bdf4adc.exe
- Size
  
  735KB
- MD5
  
  6583b31c04382b454584d574e9f72ee3
- SHA1
  
  b17ff02e8c94f1686e5603bc6f4cc9da4b9d5693
- SHA256
  
  8e19bbaa0d533f50d2b7c9013955c07772e752b0751ec30e73a36b792bdf4adc
- SHA512
  
  e7bb0c31ea55c905f7a0e770ee6a3f59e2a41251a202bbff7d3d391d13ea50ee4a6a1f7b76eddfa631b086508ad536a1ed2392229bd314812dd8c80981514ea2
- SSDEEP
  
  12288:Kn9InteusjOXxpPOleIztNLIzJkrB9aHVWk0KiuaJ+mabxJcNFJS53BOj+iU2/Q0:KJoLGsytwJuraB0KiuaJC8XC3EE2o4JF
Score

10^/10

formbook pa12 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2