formbook

General

Target

06043959e79bbeccaa6370466d3b9745b684ddaede9d2b4e6b652c926fbebe74
Size

1.0MB
Sample

241130-pfjs8sxqfr
MD5

adeb899bfc362576c6a3702263d34b6c
SHA1

8068f7de219bc6440861f40611566715d200e8e3
SHA256

06043959e79bbeccaa6370466d3b9745b684ddaede9d2b4e6b652c926fbebe74
SHA512

3a62c60ba24550bdb0aa2e9935dfc64aba0cdb5f99b400519b201783e5e10b37811ba125bf1c78df745bc824e79d4995efabb1c8ba9ffb69986d02f9c3e83ff0
SSDEEP

24576:ffmMv6Ckr7Mny5QL2MdSwBPPy/EZHg8kjMBb:f3v+7/5QL2MMwc8grjMBb

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

f29s

Decoy

rostnixon.net

exxxwordz.xyz

ndradesanches.shop

eneral-vceef.xyz

isanbowl.top

aresrasherregard.cfd

dzas-yeah.xyz

0083.miami

hongziyin01.top

jdhfmq.live

alembottling.net

vtyo-phone.xyz

kaqb-decade.xyz

odel-lsmfz.xyz

aradise.tech

uan123-rtp43.xyz

pusptracking.xyz

uqhi42.xyz

mihy-professor.xyz

mnz-your.xyz

Targets

- Target
  
  06043959e79bbeccaa6370466d3b9745b684ddaede9d2b4e6b652c926fbebe74
- Size
  
  1.0MB
- MD5
  
  adeb899bfc362576c6a3702263d34b6c
- SHA1
  
  8068f7de219bc6440861f40611566715d200e8e3
- SHA256
  
  06043959e79bbeccaa6370466d3b9745b684ddaede9d2b4e6b652c926fbebe74
- SHA512
  
  3a62c60ba24550bdb0aa2e9935dfc64aba0cdb5f99b400519b201783e5e10b37811ba125bf1c78df745bc824e79d4995efabb1c8ba9ffb69986d02f9c3e83ff0
- SSDEEP
  
  24576:ffmMv6Ckr7Mny5QL2MdSwBPPy/EZHg8kjMBb:f3v+7/5QL2MMwc8grjMBb
Score

10^/10

formbook f29s discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2