formbook

General

Target

a4a68d9db4bda6fb6e4929d01f242a268813644afcd3f8f1c704ca5834a239fc.z
Size

603KB
Sample

241129-edagnstlct
MD5

47132df5df7d03d7ed8f01a64571eb69
SHA1

15caa5f2d79c133f889072a1bab2b93b04563e8e
SHA256

a4a68d9db4bda6fb6e4929d01f242a268813644afcd3f8f1c704ca5834a239fc
SHA512

fc8909aa23b592ba81e234ff87d92c6694e22591b980b7debaaa02cb5bfebf2e101e2d60566a2e3bb1d56343f539f1fd3d0b226384154e12af803f6b04624637
SSDEEP

12288:T3MZjCnkSnTMi3hrdkxUXuUSiPiE0NdfyVc4D2Fq9:buun3TNmxQhSi6RNd6Vc4D2Fq9

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ud04

Decoy

oum7.pro

ovonordisk.online

akrzus.pro

tendmtedcpsa.site

mm.foo

animevyhgsft29817.click

digdxxb.info

1130.vip

uy-now-pay-later-74776.bond

ybzert.online

edcn.link

rime-flow-bay.xyz

nd777id.beauty

otoyama.shop

lranchomx.xyz

unluoren.top

uglesang-troms.net

udulbet88.net

raquewear.shop

ijanarko.net

Targets

- Target
  
  Naskenujte kópiu faktúry 28. novembra 24 11·42·25 (1).docx.exe
- Size
  
  1.1MB
- MD5
  
  a4eec5bb811d5b3c6b2c1feddab718aa
- SHA1
  
  5ece2b4954d76829143ebe17061f2c0cbae452bc
- SHA256
  
  68f825f78bc851d6f7f216c2d056b9e0e80702ffbfd02da528fd0b948357ba2f
- SHA512
  
  7f38a3a6203f28b071efbb6f96b36b1b7926aec1257f82bacac0782c6f079dfad937dd67c22c0725a48f3beb1ab5c51783f8faa8473a400bdfe2599bdb91c853
- SSDEEP
  
  24576:ytb20pkaCqT5TBWgNQ7aeJc6a4PYHqn+6A:/Vg5tQ7ae+6a4gr5
Score

10^/10

formbook ud04 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2