formbook

General

Target

Purchase Order KEI_24-25_2014_pdf.z
Size

469KB
Sample

241127-sh37favmfn
MD5

002e126c48e9245bbf967643e5060f9b
SHA1

6ce2add7d16a20e71435b2cbafedab59a7ac9f5f
SHA256

cbe1ce2523037019b0ad6710496f03b6b147cbfa833875e2b926d7126a72d66a
SHA512

9acbdbdae87430dcc184e8e0a9395d8ca9efd3f950e73e3d31d7ae8c504a423c787e1cc6473006a2a1e7f5c4009d2a91889dae3429c0e050f824a93f7953d1dd
SSDEEP

12288:swek/6HK9BEmZG/zQ8UKVB3uZ6HqOBlcjoQA2wCn:ZekSHoBVNGj3uPOBlUoQA2Rn

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

btrd

Decoy

toulouse.gold

launchyouglobal.com

margarita-services.com

dasnail.club

casa-hilo.com

hardscapesofflorida.com

thepositivitypulse.com

kkmyanev.cfd

love6ace22.top

castorcruise.com

chch6.com

h59f07jy.cfd

saatvikteerthyatra.com

fxsecuretrading-option.com

mostbet-k1o.click

36-m.beauty

ko-or-a-news.com

eurekatextile.com

gynlkj.com

deepsouthcraftsman.com

Targets

- Target
  
  Purchase Order KEI_24-25_2014_pdf.exe
- Size
  
  636KB
- MD5
  
  db540008406cdfda78d7376355137f07
- SHA1
  
  67ba297c80a80f17ec891c0429b59f30527724d9
- SHA256
  
  57faa8a932b14577e6059332889866501a93e2b9552dd81dcb79a047254be749
- SHA512
  
  4fac3ffd2d003f51bb9cc3c97c65486385c54baef4ddb88e6b3db6713f61d86b25879d119cc3f6dca675429bb8b105e7cad07477edc33edc35eb74a01208f79c
- SSDEEP
  
  12288:zT4/i2fmLZL41rjVZL3ANOZNMMizbXrK47MColgzsDk:zT4q2fmLZM53AQZ/inblwBgI
Score

10^/10

formbook btrd discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2