formbook

General

Target

89f618ae5abb8b3dfd00db8271c120503dff7ae17af576f4169ba4036f4562d7.exe
Size

579KB
Sample

241205-s9ye9sxlbl
MD5

da066641d45b8563884830288bb340eb
SHA1

df2e5c731eaabc386c04feb696083f89b322e0d9
SHA256

89f618ae5abb8b3dfd00db8271c120503dff7ae17af576f4169ba4036f4562d7
SHA512

9b5351aebc8b49f04caff51b15ba4b9df72e52d724b4afe34283b9aed2ec80d2aa76387f9c82351ff484314c1f21a65ea1ac11147dcd67d6df5205da4571233f
SSDEEP

12288:ek6Q2PPeJpMAqir+pywsOWCpP4nPtolvGe52QedOUd:ekkneJpMAqiKtsOzGnlr

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ms84

Decoy

ecurity-ukgaxq.xyz

45ee.top

risiddivinayaka.net

tizip-skill.xyz

ostcanadantet.top

764.xyz

oco188rtp.xyz

lobalacessory.shop

qcq-serve.xyz

dameth.top

arge-eycert.xyz

yzwj-she.xyz

bgfrp-plant.xyz

emesiartwork.net

rcw-hotel.xyz

loor-dfqzpi.xyz

vidence-zvkkln.xyz

oisthuchoyarura.shop

959108ttltxfm842.top

apzcc-both.xyz

Targets

- Target
  
  89f618ae5abb8b3dfd00db8271c120503dff7ae17af576f4169ba4036f4562d7.exe
- Size
  
  579KB
- MD5
  
  da066641d45b8563884830288bb340eb
- SHA1
  
  df2e5c731eaabc386c04feb696083f89b322e0d9
- SHA256
  
  89f618ae5abb8b3dfd00db8271c120503dff7ae17af576f4169ba4036f4562d7
- SHA512
  
  9b5351aebc8b49f04caff51b15ba4b9df72e52d724b4afe34283b9aed2ec80d2aa76387f9c82351ff484314c1f21a65ea1ac11147dcd67d6df5205da4571233f
- SSDEEP
  
  12288:ek6Q2PPeJpMAqir+pywsOWCpP4nPtolvGe52QedOUd:ekkneJpMAqiKtsOzGnlr
Score

10^/10

formbook ms84 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2