formbook

General

Target

d5e62cf36dd59a8404f074b83dd5113c51d4a1c4299d874c6e6eb8539d332364.exe
Size

603KB
Sample

241119-gn455s1kgy
MD5

0e578fefa53e00adc57473f38bcc789c
SHA1

3db235af988a50ecbdf6d18f2f251a38ac5c9273
SHA256

d5e62cf36dd59a8404f074b83dd5113c51d4a1c4299d874c6e6eb8539d332364
SHA512

e0cab0f9c1bc7126294e29a834f900de80d7ad3008297ca92ecbc0cf0e306e48aaa0dffe32bdd7b8f79f7dc4ad79a187932a917ee13fa1e3a1262bdc744f8501
SSDEEP

12288:EMyCOazSlBBvVdPEc+dhlT9CLlb2GS8HwPL3qkEqtU:EMyielDvHbwTQt2ZZDIqtU

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dr14

Decoy

ypewriter.pro

conoficina.shop

etrules.net

bwuc-ball.xyz

obis.xyz

tpbuncistoto.xyz

lhakikas.net

long-ybzxgm.xyz

ray-east.xyz

hild-rbfij.xyz

imself-kyac.xyz

ftuu-government.xyz

om-tracksi.top

olicy-yzipy.xyz

ntalaxlesbabbool.cfd

ingleyou.top

ieryfiertzframing.cfd

pon-nacgrz.xyz

aomei515.top

alzgroup.net

Targets

- Target
  
  d5e62cf36dd59a8404f074b83dd5113c51d4a1c4299d874c6e6eb8539d332364.exe
- Size
  
  603KB
- MD5
  
  0e578fefa53e00adc57473f38bcc789c
- SHA1
  
  3db235af988a50ecbdf6d18f2f251a38ac5c9273
- SHA256
  
  d5e62cf36dd59a8404f074b83dd5113c51d4a1c4299d874c6e6eb8539d332364
- SHA512
  
  e0cab0f9c1bc7126294e29a834f900de80d7ad3008297ca92ecbc0cf0e306e48aaa0dffe32bdd7b8f79f7dc4ad79a187932a917ee13fa1e3a1262bdc744f8501
- SSDEEP
  
  12288:EMyCOazSlBBvVdPEc+dhlT9CLlb2GS8HwPL3qkEqtU:EMyielDvHbwTQt2ZZDIqtU
Score

10^/10

formbook dr14 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2