formbook

General

Target

086e6e93db04c73bb5fe0e429eae88d77a4db13f139e5f1327c0ce17bc790123
Size

769KB
Sample

241107-m817wazqfv
MD5

0cd71f98b15304292c20f5edf389f84d
SHA1

b21b3ee39b34e6cbe4d51213844c924c837542f1
SHA256

086e6e93db04c73bb5fe0e429eae88d77a4db13f139e5f1327c0ce17bc790123
SHA512

1da829cf5d30c393063f91d7d53dda03902e603fa927df0a03e7eeeb12c68c8fc3304f6f28a4700d3bd0644a919a3eca5e6c247f3b83cf5b9486d65a86a8b467
SSDEEP

12288:m1fe1F7Y7d471lUhJD/TOQFnUVtah4j1wuwZKZmDKzAYnrF4ZE6ae5/OMM8kL:m1W1FidNFfFU2kRwZ4GKnrWEe/OMZ

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

me18

Decoy

ccording-ssovr.xyz

ractionalfinancesolutions.xyz

uslkw-team.xyz

verythingstop.shop

ntirehome.services

na-lyst.net

onsumer-fsznl.xyz

ndevoastiraveria.cfd

siawellbeing.institute

evizjalrp.net

ig-woqgok.xyz

cvbe-but.xyz

yoei-spend.xyz

ilatify.app

xxlsopp.xyz

etworknorth.website

nvhjgy.top

nstead-nkrkgh.xyz

ernagevoicerswhatna.cfd

atarpostmu.top

Targets

- Target
  
  086e6e93db04c73bb5fe0e429eae88d77a4db13f139e5f1327c0ce17bc790123
- Size
  
  769KB
- MD5
  
  0cd71f98b15304292c20f5edf389f84d
- SHA1
  
  b21b3ee39b34e6cbe4d51213844c924c837542f1
- SHA256
  
  086e6e93db04c73bb5fe0e429eae88d77a4db13f139e5f1327c0ce17bc790123
- SHA512
  
  1da829cf5d30c393063f91d7d53dda03902e603fa927df0a03e7eeeb12c68c8fc3304f6f28a4700d3bd0644a919a3eca5e6c247f3b83cf5b9486d65a86a8b467
- SSDEEP
  
  12288:m1fe1F7Y7d471lUhJD/TOQFnUVtah4j1wuwZKZmDKzAYnrF4ZE6ae5/OMM8kL:m1W1FidNFfFU2kRwZ4GKnrWEe/OMZ
Score

10^/10

formbook me18 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2