formbook | fe520e524da362765f10d5c14321965cacecc43bb8b182368f0fdc4fbff140de | Triage

Sharing

General

Target

fe520e524da362765f10d5c14321965cacecc43bb8b182368f0fdc4fbff140de
Size

667KB
Sample

241202-p4w4gatqby
MD5

32efec72a448a5e965b79f68d161c0e1
SHA1

a1e0804d12f993f34c6f720625b38d10eb7fb7db
SHA256

fe520e524da362765f10d5c14321965cacecc43bb8b182368f0fdc4fbff140de
SHA512

d6fd7bc0eae147c722fae935184e01e69dd802e1ff549d6eeb0d795e928e5e38f1c32c137527740793a1b175631c3d3cc699d1d6e7c4064a9be3e2e52e7ae795
SSDEEP

12288:IbTzYxUHyHNe67DZoMq05LFe7I+ov4Jq1F6EW42DrcpH:4gxQ6k6XZu05+IFQ06EHrpH

Score

10^/10

formbook at22 discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

at22

Decoy

etween-us.online

sphaleia.net

ental-implants-78350.bond

q4a.lat

commerce-97292.bond

linds-curtains-38811.bond

gyptevoyages.net

landofigueroa-abogados.net

cuitis.xyz

hantom.city

yzk.online

afikabmedan.store

ome-remodeling-67289.bond

ebpage-klzdxrhnazi.shop

eject.lol

rismart.xyz

nfluencer-marketing-72407.bond

ksolotl.xyz

ebsbayrntilrmizin93.xyz

pps-75399.bond

Targets

- Target
  
  SOA SWIFT HLCUDX3241041211.pdf.exe
- Size
  
  1.1MB
- MD5
  
  2b608c57d5501c123485c89eff7bbe4f
- SHA1
  
  600e8019976ef12f51e79243a1eb99cd3af04620
- SHA256
  
  76ff0dffd9ed6c45ac635bfb3aad12d48cb3d2f0ae6473ebd036e450037bf00a
- SHA512
  
  a2f3cb3d7cae424ffee7646bf4b5fd1992d4c7f631aa82965d780f764610b0d6803884666224e36f4c10d82b75c0c463bba75c863e18b4df1202c71173315edb
- SSDEEP
  
  24576:Uu6J33O0c+JY5UZ+XC0kGso6FagJE2ed9niWY:uu0c++OCvkGs9FagBALY
Score

10^/10

formbook at22 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookat22discoveryratspywarestealertrojan

behavioral2

formbookat22discoveryratspywarestealertrojan