formbook

General

Target

6a8b72f509a905936ff80fcc3bfcee5080c03a64c43f9664fdbe5ec90b80cc98
Size

765KB
Sample

241107-m817wa1fjm
MD5

83cba1d07ab04a5acd9203200789039e
SHA1

bfd219047bb597da219ab8690a06264d87ff5aec
SHA256

6a8b72f509a905936ff80fcc3bfcee5080c03a64c43f9664fdbe5ec90b80cc98
SHA512

e069d0e8f24ef3b52bad295c2e5e32c382452b0e6add87b7331c40880bb248c4c54c83bb537ebe58dc00f2a14c7820c69afa01ef8332871f355587b192893e89
SSDEEP

12288:81ne1F7Y7dZYeTRzlX+DITTPtKFfxSLHU+pM43a4UVEKC/OMM8ke:81e1FidTR+D0FKFfxSF5yC/OMZ

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

me18

Decoy

ccording-ssovr.xyz

ractionalfinancesolutions.xyz

uslkw-team.xyz

verythingstop.shop

ntirehome.services

na-lyst.net

onsumer-fsznl.xyz

ndevoastiraveria.cfd

siawellbeing.institute

evizjalrp.net

ig-woqgok.xyz

cvbe-but.xyz

yoei-spend.xyz

ilatify.app

xxlsopp.xyz

etworknorth.website

nvhjgy.top

nstead-nkrkgh.xyz

ernagevoicerswhatna.cfd

atarpostmu.top

Targets

- Target
  
  6a8b72f509a905936ff80fcc3bfcee5080c03a64c43f9664fdbe5ec90b80cc98
- Size
  
  765KB
- MD5
  
  83cba1d07ab04a5acd9203200789039e
- SHA1
  
  bfd219047bb597da219ab8690a06264d87ff5aec
- SHA256
  
  6a8b72f509a905936ff80fcc3bfcee5080c03a64c43f9664fdbe5ec90b80cc98
- SHA512
  
  e069d0e8f24ef3b52bad295c2e5e32c382452b0e6add87b7331c40880bb248c4c54c83bb537ebe58dc00f2a14c7820c69afa01ef8332871f355587b192893e89
- SSDEEP
  
  12288:81ne1F7Y7dZYeTRzlX+DITTPtKFfxSLHU+pM43a4UVEKC/OMM8ke:81e1FidTR+D0FKFfxSF5yC/OMZ
Score

10^/10

formbook me18 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2