formbook

General

Target

638a4b786fbb0e09168140311cfe7bdf63ddc5764d14e146633d9be28d6cf9f0.exe
Size

1.1MB
Sample

241205-cv3tfazkdj
MD5

53af708104f6592c0491922d65ba4183
SHA1

12e1168a23d3a3b92b3fc4234ea1f3ab0151ba2a
SHA256

638a4b786fbb0e09168140311cfe7bdf63ddc5764d14e146633d9be28d6cf9f0
SHA512

69d391d4816d1e8a9c1e3a48e4cffc231187b6618b31e1d6a11bc34e65fe193ec1a1e1ddb977207ae0de94f6d7373921bbde8fbdae4572227f2222b59c5e8f53
SSDEEP

24576:Vu6J33O0c+JY5UZ+XC0kGso6Faz+mpj0BGPJerPPkii6WYb:3u0c++OCvkGs9Faz+MjgGMbsYb

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

at22

Decoy

etween-us.online

sphaleia.net

ental-implants-78350.bond

q4a.lat

commerce-97292.bond

linds-curtains-38811.bond

gyptevoyages.net

landofigueroa-abogados.net

cuitis.xyz

hantom.city

yzk.online

afikabmedan.store

ome-remodeling-67289.bond

ebpage-klzdxrhnazi.shop

eject.lol

rismart.xyz

nfluencer-marketing-72407.bond

ksolotl.xyz

ebsbayrntilrmizin93.xyz

pps-75399.bond

Targets

- Target
  
  638a4b786fbb0e09168140311cfe7bdf63ddc5764d14e146633d9be28d6cf9f0.exe
- Size
  
  1.1MB
- MD5
  
  53af708104f6592c0491922d65ba4183
- SHA1
  
  12e1168a23d3a3b92b3fc4234ea1f3ab0151ba2a
- SHA256
  
  638a4b786fbb0e09168140311cfe7bdf63ddc5764d14e146633d9be28d6cf9f0
- SHA512
  
  69d391d4816d1e8a9c1e3a48e4cffc231187b6618b31e1d6a11bc34e65fe193ec1a1e1ddb977207ae0de94f6d7373921bbde8fbdae4572227f2222b59c5e8f53
- SSDEEP
  
  24576:Vu6J33O0c+JY5UZ+XC0kGso6Faz+mpj0BGPJerPPkii6WYb:3u0c++OCvkGs9Faz+MjgGMbsYb
Score

10^/10

formbook at22 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2