formbook

General

Target

3d6a30e936c604f1ffb5f3eba6a0b5c800ebc774438b5fee051e52ceedc26cab
Size

809KB
Sample

241107-ck2hmavphr
MD5

c21af9b6d7b46ba84c1b9fa94a6d2f60
SHA1

e123cb410f6634eea43c82a684e0efb9d3693039
SHA256

3d6a30e936c604f1ffb5f3eba6a0b5c800ebc774438b5fee051e52ceedc26cab
SHA512

02dc170524ce4e45f7d122a2eaadf96480e66add39f3d50abe0ef396380015b0f46e1034dd4043b4a0864726bc73ddc78fc141b6574191cc050fd6d33d7e066e
SSDEEP

24576:yq0qFmNmMNObSiy0+YfvFhV4n7nybRPw6p:yqLmoMQeiy4fNhV4Ohws

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

me18

Decoy

ccording-ssovr.xyz

ractionalfinancesolutions.xyz

uslkw-team.xyz

verythingstop.shop

ntirehome.services

na-lyst.net

onsumer-fsznl.xyz

ndevoastiraveria.cfd

siawellbeing.institute

evizjalrp.net

ig-woqgok.xyz

cvbe-but.xyz

yoei-spend.xyz

ilatify.app

xxlsopp.xyz

etworknorth.website

nvhjgy.top

nstead-nkrkgh.xyz

ernagevoicerswhatna.cfd

atarpostmu.top

Targets

- Target
  
  3d6a30e936c604f1ffb5f3eba6a0b5c800ebc774438b5fee051e52ceedc26cab
- Size
  
  809KB
- MD5
  
  c21af9b6d7b46ba84c1b9fa94a6d2f60
- SHA1
  
  e123cb410f6634eea43c82a684e0efb9d3693039
- SHA256
  
  3d6a30e936c604f1ffb5f3eba6a0b5c800ebc774438b5fee051e52ceedc26cab
- SHA512
  
  02dc170524ce4e45f7d122a2eaadf96480e66add39f3d50abe0ef396380015b0f46e1034dd4043b4a0864726bc73ddc78fc141b6574191cc050fd6d33d7e066e
- SSDEEP
  
  24576:yq0qFmNmMNObSiy0+YfvFhV4n7nybRPw6p:yqLmoMQeiy4fNhV4Ohws
Score

10^/10

formbook me18 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2