formbook

General

Target

bfb7388e3606586ff37b33b4a2ddc231b010c60bc4b1907780c7582939f84639
Size

688KB
Sample

241123-dnk6gsxjbw
MD5

f9ab9af186e3f93e2151f5a579a87ed5
SHA1

0295a08decc7447e11d0a72aa139fe5564fedcaf
SHA256

bfb7388e3606586ff37b33b4a2ddc231b010c60bc4b1907780c7582939f84639
SHA512

eeaaca6d9ff2be7f8ad961ac36b67afa651e9ab1ddea5679276f7383ebf72ee8b799cf1300199d49c6da01b023a786ed7685d57757a8d9e25fea01c759a50dbb
SSDEEP

12288:yrON+Ri3AgFdAirPuV7lXmkEFRtPWENotTyOxsuY+VE6/D+/HBzJ96Q:6Q3AggbmVFRt+uotTr8YLozqQ

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

q06e

Decoy

iibutogel88.life

atumainitx.net

axto1xb.top

iberalparti.xyz

etfury.shop

ainter-job-14480.bond

rhyd82593.vip

yexoiup.xyz

ityreel.page

usiness-ddljxgk.top

eifeigou.top

asl321.dev

eativ.cloud

ollywoodbets.fan

azekage.shop

ojarski.online

ardtaste.net

ltair-bots.online

atncs.top

k8y.info

Targets

- Target
  
  bfb7388e3606586ff37b33b4a2ddc231b010c60bc4b1907780c7582939f84639
- Size
  
  688KB
- MD5
  
  f9ab9af186e3f93e2151f5a579a87ed5
- SHA1
  
  0295a08decc7447e11d0a72aa139fe5564fedcaf
- SHA256
  
  bfb7388e3606586ff37b33b4a2ddc231b010c60bc4b1907780c7582939f84639
- SHA512
  
  eeaaca6d9ff2be7f8ad961ac36b67afa651e9ab1ddea5679276f7383ebf72ee8b799cf1300199d49c6da01b023a786ed7685d57757a8d9e25fea01c759a50dbb
- SSDEEP
  
  12288:yrON+Ri3AgFdAirPuV7lXmkEFRtPWENotTyOxsuY+VE6/D+/HBzJ96Q:6Q3AggbmVFRt+uotTr8YLozqQ
Score

10^/10

formbook q06e discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2