formbook

General

Target

ff410475bb80926bc3933e68f5e84a7185292bb2b78294abe528cb647c78f637
Size

1.1MB
Sample

241204-txw74s1lbt
MD5

5fa5f00b74bf9bb524687e6785027135
SHA1

4f41d3eddbf7844cc60f561c6fd92c44f7f4f282
SHA256

ff410475bb80926bc3933e68f5e84a7185292bb2b78294abe528cb647c78f637
SHA512

5bbd12cb28e0255a6773e11c2c096a94ec018228dd8dfae107efdd4bb193808463849872175f9798de27705fa5f9b5232bc10ef18c726ebee3c222aa3b2b3f9f
SSDEEP

24576:WfmMv6Ckr7Mny5QtEc7e74/SPFjc2+ZWKrs3bC+:W3v+7/5Qtl7k4/S1tGJaC+

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cu29

Decoy

qidr.shop

usinessaviationconsulting.net

68716329.xyz

nd-los.net

ealthironcladguarantee.shop

oftware-download-69354.bond

48372305.top

omeownershub.top

mall-chilli.top

ajakgoid.online

ire-changer-53482.bond

rugsrx.shop

oyang123.info

azino-forum-pro.online

817715.rest

layman.vip

eb777.club

ovatonica.net

urgaslotvip.website

inn-paaaa.buzz

Targets

- Target
  
  ff410475bb80926bc3933e68f5e84a7185292bb2b78294abe528cb647c78f637
- Size
  
  1.1MB
- MD5
  
  5fa5f00b74bf9bb524687e6785027135
- SHA1
  
  4f41d3eddbf7844cc60f561c6fd92c44f7f4f282
- SHA256
  
  ff410475bb80926bc3933e68f5e84a7185292bb2b78294abe528cb647c78f637
- SHA512
  
  5bbd12cb28e0255a6773e11c2c096a94ec018228dd8dfae107efdd4bb193808463849872175f9798de27705fa5f9b5232bc10ef18c726ebee3c222aa3b2b3f9f
- SSDEEP
  
  24576:WfmMv6Ckr7Mny5QtEc7e74/SPFjc2+ZWKrs3bC+:W3v+7/5Qtl7k4/S1tGJaC+
Score

10^/10

formbook cu29 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Drops startup file

Executes dropped EXE

Loads dropped DLL

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2