formbook

General

Target

7fc7e3f838c4650116cf170f9b680e661a1d0b78d8bb4697d1448107c4deb3d7
Size

639KB
Sample

241120-cck6nsxqav
MD5

06b6e5a00b0b2975ac2271f9dbf41263
SHA1

9cfd94d686177c6add553739f3e025cf5db870b3
SHA256

7fc7e3f838c4650116cf170f9b680e661a1d0b78d8bb4697d1448107c4deb3d7
SHA512

6c4ac762a964d884aac99861c30f1a927bbd072b65f14a128d0695eccc101e7a749b51e98bb594e50de2474a431f35a3e6ac8f8e4979ca73b06f238a7ea4b5e3
SSDEEP

12288:WK7AgIUilZnqkC1Vd4cTH5HW2NqtVscxsuw/cTAg:H7ARj+11Vd4CZ2gqtVVM/eAg

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

q06e

Decoy

iibutogel88.life

atumainitx.net

axto1xb.top

iberalparti.xyz

etfury.shop

ainter-job-14480.bond

rhyd82593.vip

yexoiup.xyz

ityreel.page

usiness-ddljxgk.top

eifeigou.top

asl321.dev

eativ.cloud

ollywoodbets.fan

azekage.shop

ojarski.online

ardtaste.net

ltair-bots.online

atncs.top

k8y.info

Targets

- Target
  
  client order.exe
- Size
  
  688KB
- MD5
  
  f9ab9af186e3f93e2151f5a579a87ed5
- SHA1
  
  0295a08decc7447e11d0a72aa139fe5564fedcaf
- SHA256
  
  bfb7388e3606586ff37b33b4a2ddc231b010c60bc4b1907780c7582939f84639
- SHA512
  
  eeaaca6d9ff2be7f8ad961ac36b67afa651e9ab1ddea5679276f7383ebf72ee8b799cf1300199d49c6da01b023a786ed7685d57757a8d9e25fea01c759a50dbb
- SSDEEP
  
  12288:yrON+Ri3AgFdAirPuV7lXmkEFRtPWENotTyOxsuY+VE6/D+/HBzJ96Q:6Q3AggbmVFRt+uotTr8YLozqQ
Score

10^/10

formbook q06e discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2