formbook

Resubmissions

22-11-2024 02:40

241122-c6dcxsynem 10

22-11-2024 02:40

241122-c5xeeayndj 10

22-11-2024 02:35

241122-c22vqaspc1 10

Sharing

Copy URL

Twitter E-mail

General

Target

68c3605100b20d0e04a069565f5ce7f6f55b7546f52dcf22328e3a321637e361.exe
Size

21KB
Sample

241122-c5xeeayndj
MD5

223b42adc2e6eeb342664ffa633c3a6a
SHA1

00612d9ce02cde93cd73eebcbee0deece4da3f8f
SHA256

68c3605100b20d0e04a069565f5ce7f6f55b7546f52dcf22328e3a321637e361
SHA512

8c2e1ca20137aa4871509dbf17d27eeed4ae13433f95b63eda48570b2158317d3d72edda78f7b6c43bbc4f39c5bf84d83988c6afd6a5e6f1bdcda331f82c6847
SSDEEP

384:cs+2GqOOyQuluvnDS3d2dD03jVsV8ftnokwRwAoDNwAUPNtdI6+eQAozrBtHzkL:cs+2G8ZQ+SXjWooPjBBAtHzae6eX

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

o62s

Decoy

lectrobay.shop

enisehirarnavutkoy.xyz

itoolz.net

otorcycle-loans-40378.bond

opjobsinusa.today

uara228j.shop

ukulbagus10.click

enhealth07.shop

cpoker.pro

ome-remodeling-16949.bond

andu.shop

hubbychicocharmqs.shop

onghi292.top

ussines-web-creators.net

alenspencer.online

ryptogigt.top

epiyiisigorta.online

ental-implants-77717.bond

juta.click

enisehirevleriarnavutkoy.xyz

Targets

- Target
  
  68c3605100b20d0e04a069565f5ce7f6f55b7546f52dcf22328e3a321637e361.exe
- Size
  
  21KB
- MD5
  
  223b42adc2e6eeb342664ffa633c3a6a
- SHA1
  
  00612d9ce02cde93cd73eebcbee0deece4da3f8f
- SHA256
  
  68c3605100b20d0e04a069565f5ce7f6f55b7546f52dcf22328e3a321637e361
- SHA512
  
  8c2e1ca20137aa4871509dbf17d27eeed4ae13433f95b63eda48570b2158317d3d72edda78f7b6c43bbc4f39c5bf84d83988c6afd6a5e6f1bdcda331f82c6847
- SSDEEP
  
  384:cs+2GqOOyQuluvnDS3d2dD03jVsV8ftnokwRwAoDNwAUPNtdI6+eQAozrBtHzkL:cs+2G8ZQ+SXjWooPjBBAtHzae6eX
Score

10^/10

formbook o62s discovery persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2