formbook

General

Target

13112024_0006_12112024_számla kiegyenlítése fizetéshez 2024. november 12 xlsx.z
Size

489KB
Sample

241113-adx6hswraj
MD5

efd50916aa1a66c73bc8bb0d12ecb528
SHA1

4b27813b79389393fa7a7462e458c5152f90e3e4
SHA256

5c2a86ed29bd6dd599bd6be9aaaa55a130479f5bbce253ab18bc70c3efcdedec
SHA512

5f5d40fcbefa51a065be5192d0a006ec5b4e7912911f03c46f8ee19c5ee8a0eb1de9ef3bd2045bec01566af2d0a07ccfc2c42e2d8f76bdf562108a36f78e6b3f
SSDEEP

12288:hCrBhD2VKbXqQ7QKiSThBXgw+g0u7qvCNS7eseC0OXRVtTes:hG/kvQu6BwxRu7qvCN0eseVOXztR

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ud04

Decoy

oum7.pro

ovonordisk.online

akrzus.pro

tendmtedcpsa.site

mm.foo

animevyhgsft29817.click

digdxxb.info

1130.vip

uy-now-pay-later-74776.bond

ybzert.online

edcn.link

rime-flow-bay.xyz

nd777id.beauty

otoyama.shop

lranchomx.xyz

unluoren.top

uglesang-troms.net

udulbet88.net

raquewear.shop

ijanarko.net

Targets

- Target
  
  számla kiegyenlítése fizetéshez 2024. november 12.xlsx.exe
- Size
  
  841KB
- MD5
  
  2ca1db1686ff55281637e04d05649c60
- SHA1
  
  12f5533069b7c700d09083d1825c2b367898e989
- SHA256
  
  fbab206c6c7b6965e909774c6fa2a331c047ed35178fc94878196728c2a0ec88
- SHA512
  
  123308f4cfd36288682557f07fbaa615bee627dbf31e8f325cf6c738cc0abe8a7e134d2c79a02734872ad398e0a40a1376559b279fc2f4c796d29d507d5c9b70
- SSDEEP
  
  12288:ehkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aCCse57kV60s1myQx1/dOe:uRmJkcoQricOIQxiZY1iaCG5MFs1gJ
Score

10^/10

formbook ud04 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2