formbook

General

Target

57d63825b2849f4590c05f6612239d26b4ab097ecc401216f2502d200bd1d151
Size

631KB
Sample

241106-c18lwataqb
MD5

10bc37bf8d2415074b90b7f3362cecaa
SHA1

ac82abe49a1161c6ec176e76c9d27b968948ece2
SHA256

57d63825b2849f4590c05f6612239d26b4ab097ecc401216f2502d200bd1d151
SHA512

9ca55ddd27578894cd4cd9893fdaebf29b43c07c8cc89a4dfddb2b419faf5065e32671901300ab92797965ec8cf5cdf7fa7d18e1017183638002392927f47cec
SSDEEP

12288:1cQbEeX/zYMY+VIRaxKmnWk4li/OJ7NWivvmLNt/hSg4/4jxvBF5RBu+DAmf/q6Y:1c0//PZ1xKGr4A/iWiXmA54j7Pu+DA8+

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

me18

Decoy

ccording-ssovr.xyz

ractionalfinancesolutions.xyz

uslkw-team.xyz

verythingstop.shop

ntirehome.services

na-lyst.net

onsumer-fsznl.xyz

ndevoastiraveria.cfd

siawellbeing.institute

evizjalrp.net

ig-woqgok.xyz

cvbe-but.xyz

yoei-spend.xyz

ilatify.app

xxlsopp.xyz

etworknorth.website

nvhjgy.top

nstead-nkrkgh.xyz

ernagevoicerswhatna.cfd

atarpostmu.top

Targets

- Target
  
  57d63825b2849f4590c05f6612239d26b4ab097ecc401216f2502d200bd1d151
- Size
  
  631KB
- MD5
  
  10bc37bf8d2415074b90b7f3362cecaa
- SHA1
  
  ac82abe49a1161c6ec176e76c9d27b968948ece2
- SHA256
  
  57d63825b2849f4590c05f6612239d26b4ab097ecc401216f2502d200bd1d151
- SHA512
  
  9ca55ddd27578894cd4cd9893fdaebf29b43c07c8cc89a4dfddb2b419faf5065e32671901300ab92797965ec8cf5cdf7fa7d18e1017183638002392927f47cec
- SSDEEP
  
  12288:1cQbEeX/zYMY+VIRaxKmnWk4li/OJ7NWivvmLNt/hSg4/4jxvBF5RBu+DAmf/q6Y:1c0//PZ1xKGr4A/iWiXmA54j7Pu+DA8+
Score

10^/10

formbook me18 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2