formbook

General

Target

53daafedffd7fad6a7ab9b6ac1e8e5d4994dfc68cd119178ef37d0aefb2a643f.exe
Size

1.1MB
Sample

241105-qk3yca1les
MD5

8f632eef9026f24d602275ec1db2a589
SHA1

d01171e5ccb31bd43ed3aa08dde8df90802115e6
SHA256

53daafedffd7fad6a7ab9b6ac1e8e5d4994dfc68cd119178ef37d0aefb2a643f
SHA512

9d3ed42b736de17b2f1bbf9823494bd9d26eb7aeb5e37acef8e0b7a3beae68494ab8393f6caf9b1cb127933062eb6227b0b044dd7e7ba7f66c60f149b92c8032
SSDEEP

24576:ffmMv6Ckr7Mny5QLKMe8FpezKWGJPAeiesb10:f3v+7/5QLKpK5WwIewZ0

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rn94

Decoy

st68v.xyz

conciergenotary.net

qwechaotk.top

rtpdonatoto29.xyz

8ad.xyz

powermove.top

cameras-30514.bond

vanguardcoffee.shop

umoe53fxc1bsujv.buzz

consultoriamax.net

hplxx.com

ndu.wtf

yzh478c.xyz

bigbrown999.site

xiake07.asia

resdai.xyz

the35678.shop

ba6rf.rest

ceo688.com

phimxhot.xyz

Targets

- Target
  
  53daafedffd7fad6a7ab9b6ac1e8e5d4994dfc68cd119178ef37d0aefb2a643f.exe
- Size
  
  1.1MB
- MD5
  
  8f632eef9026f24d602275ec1db2a589
- SHA1
  
  d01171e5ccb31bd43ed3aa08dde8df90802115e6
- SHA256
  
  53daafedffd7fad6a7ab9b6ac1e8e5d4994dfc68cd119178ef37d0aefb2a643f
- SHA512
  
  9d3ed42b736de17b2f1bbf9823494bd9d26eb7aeb5e37acef8e0b7a3beae68494ab8393f6caf9b1cb127933062eb6227b0b044dd7e7ba7f66c60f149b92c8032
- SSDEEP
  
  24576:ffmMv6Ckr7Mny5QLKMe8FpezKWGJPAeiesb10:f3v+7/5QLKpK5WwIewZ0
Score

10^/10

formbook rn94 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2