formbook

General

Target

12112024_1558_12112024_decontare facturi pentru plata 12 noiembrie 2024 xlsx.z
Size

489KB
Sample

241112-teh8jawdpd
MD5

78f682f6d1c8ca1f900d18606409ca4f
SHA1

4ed6efa3087318db279fb8ae8d8aa87df213a20f
SHA256

0856d56979e38321be30e3d30250c260bf0bd8c7291072ead288b52ab6d79a09
SHA512

91405b4cc1c8fe0a29f82706ffcd9731b79611199bb053e15eabd8930b2aeef06bdf079071e92e20e5aef1620b6ff9d8bc82d6174e040bdda824d2c21f8216ea
SSDEEP

12288:MsjhD2y1Jy6vWdpIZU2XY9kBnp+dMmg4NgvrZ:M4XLyUWdpRce+X4ivN

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ud04

Decoy

oum7.pro

ovonordisk.online

akrzus.pro

tendmtedcpsa.site

mm.foo

animevyhgsft29817.click

digdxxb.info

1130.vip

uy-now-pay-later-74776.bond

ybzert.online

edcn.link

rime-flow-bay.xyz

nd777id.beauty

otoyama.shop

lranchomx.xyz

unluoren.top

uglesang-troms.net

udulbet88.net

raquewear.shop

ijanarko.net

Targets

- Target
  
  decontare facturi pentru plata 12 noiembrie 2024.xlsx.exe
- Size
  
  841KB
- MD5
  
  ab2dfb698064ac25851a476950c6a9c3
- SHA1
  
  9cae4957454e0ce9be9436938c04d9d83238c120
- SHA256
  
  23f126565cbc87f7f1e0dca89fd37851d637946877e7607d5c1ece77ce628f80
- SHA512
  
  749e3d3f38babf079e6bc008cd12c6e544892d308f3d35f04ffdd5dd347f7c06b2e008f3b6ce6630571143c4af848be8edc8038b671a57d7f2a11e27b531d386
- SSDEEP
  
  24576:uRmJkcoQricOIQxiZY1iaCnFcU7V4k6+/Xs:7JZoQrbTFZY1iaCnmU7x6Gs
Score

10^/10

formbook ud04 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2