formbook

General

Target

dbd0f766892484935d48872b872d39fe1ddfa273b3efff8ce05ab2381a383182
Size

822KB
Sample

241127-e5nhlsxkgw
MD5

f1217c3aad742f6f0aed2d6cae0feae6
SHA1

ec8c8d19b72ce379bba42d52edb0639c2564ee2c
SHA256

dbd0f766892484935d48872b872d39fe1ddfa273b3efff8ce05ab2381a383182
SHA512

996b86f071a023e4f6ec6f0a0eee9d375a0fe36550615647ccf411dc1bbb4a715df4a53ced2f49d61b4ec4196a16b0f3977ea7bb18d795145b774be5a73fb49d
SSDEEP

12288:cbXj9L5sl1ApYy42fxWfWgYv7im/Qw9ELyX56CqFNpgNefKitTra:kL5sl1ApXhfQfivGAQDu56CqF3gNeCU

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

btrd

Decoy

toulouse.gold

launchyouglobal.com

margarita-services.com

dasnail.club

casa-hilo.com

hardscapesofflorida.com

thepositivitypulse.com

kkmyanev.cfd

love6ace22.top

castorcruise.com

chch6.com

h59f07jy.cfd

saatvikteerthyatra.com

fxsecuretrading-option.com

mostbet-k1o.click

36-m.beauty

ko-or-a-news.com

eurekatextile.com

gynlkj.com

deepsouthcraftsman.com

Targets

- Target
  
  dbd0f766892484935d48872b872d39fe1ddfa273b3efff8ce05ab2381a383182
- Size
  
  822KB
- MD5
  
  f1217c3aad742f6f0aed2d6cae0feae6
- SHA1
  
  ec8c8d19b72ce379bba42d52edb0639c2564ee2c
- SHA256
  
  dbd0f766892484935d48872b872d39fe1ddfa273b3efff8ce05ab2381a383182
- SHA512
  
  996b86f071a023e4f6ec6f0a0eee9d375a0fe36550615647ccf411dc1bbb4a715df4a53ced2f49d61b4ec4196a16b0f3977ea7bb18d795145b774be5a73fb49d
- SSDEEP
  
  12288:cbXj9L5sl1ApYy42fxWfWgYv7im/Qw9ELyX56CqFNpgNefKitTra:kL5sl1ApXhfQfivGAQDu56CqF3gNeCU
Score

10^/10

formbook btrd discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2