formbook

General

Target

OS_PO#3210046374_SALE ORDER_SHIWON_11112024.exe
Size

1.3MB
Sample

241111-s62zaa1cpr
MD5

17e2bbc472ca1aa21c727bb7221b8f66
SHA1

bb87dc229aa40e4587547bd42cdf6f2c94fe1127
SHA256

1f9fc55d94da0f03f055cced46fdf1a408dbee7d9573d27a92172dda1e0e9bff
SHA512

d654f4f5681c026c34d3c608e1b04809e2b368e1da087d11d3b9ee1979d5a86a51e1fec8e799b734c5fde19b9739fadbd5f29cf8188efa794c042a8771be2178
SSDEEP

24576:05EmXFtKaL4/oFe5T9yyXYfP1ijXdaqiroi4Pw7lIr/uLVKmeTW1N:0PVt/LZeJbInQRaqzillwWZW

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ge07

Decoy

amyard.shop

eloshost.xyz

g18q11a.top

orensic-vendor-735524320.click

ithin-ksvodn.xyz

xhyx.top

elonix-traceglow.pro

cillascrewedsedroth.cfd

wner-nyquh.xyz

reyhazeusa.shop

esmellretaperetotal.cfd

hqm-during.xyz

pipagtxcorrelo.xyz

lray-civil.xyz

apybarameme.xyz

rbuds.shop

hild-fcudh.xyz

rkgexg.top

estwestcottwines.shop

giyztm.xyz

Targets

- Target
  
  OS_PO#3210046374_SALE ORDER_SHIWON_11112024.exe
- Size
  
  1.3MB
- MD5
  
  17e2bbc472ca1aa21c727bb7221b8f66
- SHA1
  
  bb87dc229aa40e4587547bd42cdf6f2c94fe1127
- SHA256
  
  1f9fc55d94da0f03f055cced46fdf1a408dbee7d9573d27a92172dda1e0e9bff
- SHA512
  
  d654f4f5681c026c34d3c608e1b04809e2b368e1da087d11d3b9ee1979d5a86a51e1fec8e799b734c5fde19b9739fadbd5f29cf8188efa794c042a8771be2178
- SSDEEP
  
  24576:05EmXFtKaL4/oFe5T9yyXYfP1ijXdaqiroi4Pw7lIr/uLVKmeTW1N:0PVt/LZeJbInQRaqzillwWZW
Score

10^/10

formbook ge07 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2