formbook

General

Target

ba1e3ff4198ba5dbb009b9f283e0a0b47a0f8fe811b982a2bbeb91feb885f7a2
Size

614KB
Sample

241204-qnkwyawqby
MD5

9d09c5c9e0900b702b140f4879f74c03
SHA1

35c432700077e2403cc0edfd9e81e17c014afdc2
SHA256

ba1e3ff4198ba5dbb009b9f283e0a0b47a0f8fe811b982a2bbeb91feb885f7a2
SHA512

4a2c3a459928747f52120c198d6874a4fff999176048b59485595baa7739774cb5752d59beb843b3400dc66c36ca2d78849c1b040fdbd8cdd96f2bce114d7f27
SSDEEP

12288:RjEZ+23c6+L8QoZQaPss+J3h2h7o1LWS7lt+jVjqW0:RYZ+23dONLaPssay7oRfYjct

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

o05p

Decoy

ack-space.info

ixrecibeypaga.store

indmy-fr.info

atrottenondal.site

cenz16042.vip

elbournecakes.online

5gy2j62g9q.top

3anhbra.top

8c.top

ozhnoli.store

ichmanwillbe.shop

nfluencer-marketing-53327.bond

nnovationex.net

osleedn-bogatr.online

oorandco.store

atesb4dates.online

asryall.net

0zm.lat

ytorc.online

ariin.online

Targets

- Target
  
  Swift_0034.exe
- Size
  
  839KB
- MD5
  
  3209a5b655a33cd4e47a2c84dfa269fd
- SHA1
  
  5fac1974104f2262e735234389fb4b0642cde8f5
- SHA256
  
  2cf2d0b164f90f01162d60b8850225d4f142a5bbca39dc61571ab071ef3dc4b0
- SHA512
  
  c2adc85099db6bd37739336aabddd7a116701e3a048df5f406a9d061d37c72044a70a0fa0bf4fec258fc20e563968f1119b36e514ae965687707ffb32bc54b67
- SSDEEP
  
  12288:OqpZsSqXeHPyVeFalhuh7kZ+/UY/ib4011:OqzsaceFas7kJXv
Score

10^/10

formbook o05p discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2