formbook

General

Target

8a91c4bf99a674909e6993d52e061547517056d36f9b8e828a9148eb412ffa73
Size

1.1MB
Sample

241117-rfb5ha1kbw
MD5

1b597c240cd23fda73024ed811e4a906
SHA1

f773bdd6e924b65284d8a9ef67f61615a9764a8e
SHA256

8a91c4bf99a674909e6993d52e061547517056d36f9b8e828a9148eb412ffa73
SHA512

d1f00b959befd0c8f91587311d715508c45fb279e661f4ffacb5e3e5f0f19e4151f6baa35ff49fc5d7afe5bb0b09d96346da5d7b0324ee85edb4885ce07f07dc
SSDEEP

24576:Etb20pkaCqT5TBWgNQ7aXe1SQkPXr8mzcLk6A:tVg5tQ7aXe1bkPXAmzcY5

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

f29s

Decoy

rostnixon.net

exxxwordz.xyz

ndradesanches.shop

eneral-vceef.xyz

isanbowl.top

aresrasherregard.cfd

dzas-yeah.xyz

0083.miami

hongziyin01.top

jdhfmq.live

alembottling.net

vtyo-phone.xyz

kaqb-decade.xyz

odel-lsmfz.xyz

aradise.tech

uan123-rtp43.xyz

pusptracking.xyz

uqhi42.xyz

mihy-professor.xyz

mnz-your.xyz

Targets

- Target
  
  8a91c4bf99a674909e6993d52e061547517056d36f9b8e828a9148eb412ffa73
- Size
  
  1.1MB
- MD5
  
  1b597c240cd23fda73024ed811e4a906
- SHA1
  
  f773bdd6e924b65284d8a9ef67f61615a9764a8e
- SHA256
  
  8a91c4bf99a674909e6993d52e061547517056d36f9b8e828a9148eb412ffa73
- SHA512
  
  d1f00b959befd0c8f91587311d715508c45fb279e661f4ffacb5e3e5f0f19e4151f6baa35ff49fc5d7afe5bb0b09d96346da5d7b0324ee85edb4885ce07f07dc
- SSDEEP
  
  24576:Etb20pkaCqT5TBWgNQ7aXe1SQkPXr8mzcLk6A:tVg5tQ7aXe1bkPXAmzcY5
Score

10^/10

formbook f29s discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Drops startup file

Executes dropped EXE

Loads dropped DLL

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2