formbook

General

Target

d3ad6900cfa2cd98442a60228532b6df7a32b603a6c6f0b8bf28f30aaeaf54b1
Size

851KB
Sample

241128-edq5eszqdl
MD5

3071d04f2ac0803c677918eef3ec7d28
SHA1

1a85f237966cbd7883ad0d4e4bcd9f16d4439753
SHA256

d3ad6900cfa2cd98442a60228532b6df7a32b603a6c6f0b8bf28f30aaeaf54b1
SHA512

cf4efaeeaffeedbafba1d05ced9fc1912bda9e0e36624727cef80451112d403c09a37b1a1127627c7edd28796b8248dd237acd0b0e8bea6c3580b796dbfcb061
SSDEEP

12288:kYcMuXj9L5sl1ApYy42fxWfWgYv7im/DOSych8yL+tGwAizmGaKgYNLKitTra:8L5sl1ApXhfQfivGADl8yL5wAymGuU

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bopi

Decoy

zq4.top

relationship-coach-88497.bond

destekbirimi.xyz

tgh-reg.xyz

pepcapital.net

edunote.media

loans-credits-63765.bond

zhxgtlw.top

rajalele.xyz

ug-tower.asia

agrajter.com

investment-services-44387.bond

yaoxiaocang.fun

23win6.top

used-cars-84168.bond

primesourceglobal.net

indiapostsk.vip

qe2i7cghzpebk.buzz

furniture-27975.bond

fy489tysiot4twoinsr3295y78h.xyz

Targets

- Target
  
  d3ad6900cfa2cd98442a60228532b6df7a32b603a6c6f0b8bf28f30aaeaf54b1
- Size
  
  851KB
- MD5
  
  3071d04f2ac0803c677918eef3ec7d28
- SHA1
  
  1a85f237966cbd7883ad0d4e4bcd9f16d4439753
- SHA256
  
  d3ad6900cfa2cd98442a60228532b6df7a32b603a6c6f0b8bf28f30aaeaf54b1
- SHA512
  
  cf4efaeeaffeedbafba1d05ced9fc1912bda9e0e36624727cef80451112d403c09a37b1a1127627c7edd28796b8248dd237acd0b0e8bea6c3580b796dbfcb061
- SSDEEP
  
  12288:kYcMuXj9L5sl1ApYy42fxWfWgYv7im/DOSych8yL+tGwAizmGaKgYNLKitTra:8L5sl1ApXhfQfivGADl8yL5wAymGuU
Score

10^/10

formbook bopi discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2