formbook

General

Target

c2c0190f73bcfc18eb96ef14d1f9deb9ed267342fa8af0f44b4c79e7b04d1ccb.exe
Size

1.0MB
Sample

241105-sje61asnhz
MD5

2152b36e66b0f34d055dd94dbb86c142
SHA1

80f6ffe1c3434d5034bfa9d69486b135529c434c
SHA256

c2c0190f73bcfc18eb96ef14d1f9deb9ed267342fa8af0f44b4c79e7b04d1ccb
SHA512

1d3e47dbd929290732d3e42d0b1f238003bf8571c40a0fb35d1d40cc072c2aeaf3962f02df2b25081bbea6ab213c5631e1cf21a857d92b5658a1f8917f4f275c
SSDEEP

12288:rLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QL0VlFA4rPpOaYqsIEBs+j4QcIZjMHcs:ffmMv6Ckr7Mny5QL0VpAarwhjhcJHCrW

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ms84

Decoy

ecurity-ukgaxq.xyz

45ee.top

risiddivinayaka.net

tizip-skill.xyz

ostcanadantet.top

764.xyz

oco188rtp.xyz

lobalacessory.shop

qcq-serve.xyz

dameth.top

arge-eycert.xyz

yzwj-she.xyz

bgfrp-plant.xyz

emesiartwork.net

rcw-hotel.xyz

loor-dfqzpi.xyz

vidence-zvkkln.xyz

oisthuchoyarura.shop

959108ttltxfm842.top

apzcc-both.xyz

Targets

- Target
  
  c2c0190f73bcfc18eb96ef14d1f9deb9ed267342fa8af0f44b4c79e7b04d1ccb.exe
- Size
  
  1.0MB
- MD5
  
  2152b36e66b0f34d055dd94dbb86c142
- SHA1
  
  80f6ffe1c3434d5034bfa9d69486b135529c434c
- SHA256
  
  c2c0190f73bcfc18eb96ef14d1f9deb9ed267342fa8af0f44b4c79e7b04d1ccb
- SHA512
  
  1d3e47dbd929290732d3e42d0b1f238003bf8571c40a0fb35d1d40cc072c2aeaf3962f02df2b25081bbea6ab213c5631e1cf21a857d92b5658a1f8917f4f275c
- SSDEEP
  
  12288:rLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QL0VlFA4rPpOaYqsIEBs+j4QcIZjMHcs:ffmMv6Ckr7Mny5QL0VpAarwhjhcJHCrW
Score

10^/10

formbook ms84 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2