formbook

General

Target

ec31185d1637e1459e6c359f775e8ce5c329d7a6981a85087058cb75060cbcfb
Size

629KB
Sample

241106-c18xmswjgm
MD5

0e924cb765e169c11e6b12fd662966bc
SHA1

3fd1d898a38175612579752485b21eb0412707eb
SHA256

ec31185d1637e1459e6c359f775e8ce5c329d7a6981a85087058cb75060cbcfb
SHA512

45bc7882c269c37d7e7811ec449ae177f06fa324696b253e25dffaf4e78c28f5c2bf6208ae43d16e2d14bfc72370a207235eb626fda29549eae2cccf6aa2706e
SSDEEP

12288:3hQbEeX/zYMH5IG3HWgGRKY2e7v/aEEGxs30wVQnaMN:3h0//PH5Iy2zRN2e7v/9EGxC3MN

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

me18

Decoy

ccording-ssovr.xyz

ractionalfinancesolutions.xyz

uslkw-team.xyz

verythingstop.shop

ntirehome.services

na-lyst.net

onsumer-fsznl.xyz

ndevoastiraveria.cfd

siawellbeing.institute

evizjalrp.net

ig-woqgok.xyz

cvbe-but.xyz

yoei-spend.xyz

ilatify.app

xxlsopp.xyz

etworknorth.website

nvhjgy.top

nstead-nkrkgh.xyz

ernagevoicerswhatna.cfd

atarpostmu.top

Targets

- Target
  
  ec31185d1637e1459e6c359f775e8ce5c329d7a6981a85087058cb75060cbcfb
- Size
  
  629KB
- MD5
  
  0e924cb765e169c11e6b12fd662966bc
- SHA1
  
  3fd1d898a38175612579752485b21eb0412707eb
- SHA256
  
  ec31185d1637e1459e6c359f775e8ce5c329d7a6981a85087058cb75060cbcfb
- SHA512
  
  45bc7882c269c37d7e7811ec449ae177f06fa324696b253e25dffaf4e78c28f5c2bf6208ae43d16e2d14bfc72370a207235eb626fda29549eae2cccf6aa2706e
- SSDEEP
  
  12288:3hQbEeX/zYMH5IG3HWgGRKY2e7v/aEEGxs30wVQnaMN:3h0//PH5Iy2zRN2e7v/9EGxC3MN
Score

10^/10

formbook me18 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2