formbook

General

Target

b7a39ea606be29b9f2eaeb54f87762ec72b48fbd40ccef586057e0d987a4b545
Size

247KB
Sample

241121-yxeehswngy
MD5

0be017f9680e52f6471720b9985503ae
SHA1

52e0545431a8719658fb0ed8372a8be2e794b546
SHA256

b7a39ea606be29b9f2eaeb54f87762ec72b48fbd40ccef586057e0d987a4b545
SHA512

28fed520f191a3dff9d6636f2176e83ddb4ada3e77f6f6a775bc2f0f9adec652312f05ed8171015e00fc0c832d84de4bb80853c997cd2fb5f0cd84e4bc29d40c
SSDEEP

6144:jVEPy9p7ghpI//nd1vHXndBhGFDT2PrHHGBBoAk:jWq9pyu//dV3JqDCPq/Lk

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

i3tw

Decoy

016XYOaa546POq6CaRVpEfQ=

6WCLUcRz6K7qTqIK

bIa/9uWTepQa6eQd

32urdxWXgrknUIeDYktb

EojfLVA0GyB2mYgMgzdT

jFbHYJhPwpebnHjAY0pZ

gxSusEwA30uVtrErCrQ=

EeJOmOn63OaCHIw=

r3K0jTvKtOR4EV3q1dOdHgYVCLVG

6LEakplWzoSSLXZH3t6XDQ==

MThmlLavncxvAo1f3t6XDQ==

SqUmLs+BeJfa69kp7qSmIfuU5K3ZMg==

GuIYfF0o7zGPJY4=

AEd4Wd7JRsdzBX9dPgO7KNJY6NX2Sga4

E1SDU8MxGoZaPFgn9w==

cIq96QyWC/k1XDBRTR9FQOaLosd4Og==

/zRZMuaxmZnX291wZQCXhiq1his=

+47IMmwvk2jyx7MA

IGKz6DH4iraNLQ==

Kh1gHpxbw0MDkwSyaOqjKgTlK69R

Targets

- Target
  
  51411372b243457824f813704098d411028c9041a6510ddf74be80cfa94b1882
- Size
  
  273KB
- MD5
  
  e549341d5f45d8ac49bd6e75d4d72d35
- SHA1
  
  f25f8f48778b995e408bd84f58800ad1c7a7328f
- SHA256
  
  51411372b243457824f813704098d411028c9041a6510ddf74be80cfa94b1882
- SHA512
  
  3e37e90128974062766a2de3bf4647853da2d04a407a37ea3b55107a3cb18315e2929aedce12871361447bfd0d4c58c56bba098b0cd4b332c541271cb2410437
- SSDEEP
  
  6144://UFQEmfXkLoIeTB/CEj4kCK8ASHLeqe6z22p7h9guq/xG:XUiEmfULagEj4kb89njZguq/s
Score

10^/10

formbook i3tw discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2