formbook

General

Target

67605bfe77b822b7256723089082b0f15b23bb69e6de86191750b660c0a438e3
Size

723KB
Sample

241106-kpavgayrhr
MD5

f62b09877bf8505631af6328a5ffe43d
SHA1

825126634ded449283e102ca030a9bb8da808ebe
SHA256

67605bfe77b822b7256723089082b0f15b23bb69e6de86191750b660c0a438e3
SHA512

a3eededf1e61fdbabba706a5e212c7c48c191e45e05f203fa496e5162dc3d6f7636513309f65966729c6df9c54cc9b6c3cfc6809915917152405f40170e97b41
SSDEEP

12288:gM3ZJ0BWeQhUDt+t6WhjR1F5RsQTx+AZLRLdcNjtEO:1ZhUDt+jR1F5pcuLdcr

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

md49

Decoy

enithpro.shop

utozeed.agency

ornpicsbd.xyz

82yjj301.top

kphone.online

3ccha73hdl5.shop

seinow.online

usurrofest.info

2ads2s2.top

oritskul.net

etlivecasino.bet

erts.navy

anieubezpieczenia.online

dyhph1020pm.top

paceglide.space

ibmedia.net

arwyking.icu

soriaticarthritis101.today

earopia.shop

gctg2qt4h.top

Targets

- Target
  
  67605bfe77b822b7256723089082b0f15b23bb69e6de86191750b660c0a438e3
- Size
  
  723KB
- MD5
  
  f62b09877bf8505631af6328a5ffe43d
- SHA1
  
  825126634ded449283e102ca030a9bb8da808ebe
- SHA256
  
  67605bfe77b822b7256723089082b0f15b23bb69e6de86191750b660c0a438e3
- SHA512
  
  a3eededf1e61fdbabba706a5e212c7c48c191e45e05f203fa496e5162dc3d6f7636513309f65966729c6df9c54cc9b6c3cfc6809915917152405f40170e97b41
- SSDEEP
  
  12288:gM3ZJ0BWeQhUDt+t6WhjR1F5RsQTx+AZLRLdcNjtEO:1ZhUDt+jR1F5pcuLdcr
Score

10^/10

discovery formbook md49 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2