formbook

General

Target

6c9f799ecf5106a1e8d1070dd09a44ef016bd94d3bda810a34cbb5b5def86bff
Size

676KB
Sample

241205-xzhpaaxqdx
MD5

e496e4915e14c52ba7dfe9f712c464f5
SHA1

1c454b060e45671cbf782b403b7b5f261121949b
SHA256

6c9f799ecf5106a1e8d1070dd09a44ef016bd94d3bda810a34cbb5b5def86bff
SHA512

3cc7499574aa623ffa19f4b6bd90ebdef7e68ac231e5e8b5e6457ee55edc522376a27712e392c2df3e21983a01a0ac4511c5d27e3045a9b4d5a6c3225d681771
SSDEEP

12288:4W6RXxRcHjkaF8pSzw+MNU9Vfx9b5maqzfJ3XEd6Z4D9qG3ytOL:P9DkaFWP+0U9V59bTmCd9qG3Cq

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

at22

Decoy

etween-us.online

sphaleia.net

ental-implants-78350.bond

q4a.lat

commerce-97292.bond

linds-curtains-38811.bond

gyptevoyages.net

landofigueroa-abogados.net

cuitis.xyz

hantom.city

yzk.online

afikabmedan.store

ome-remodeling-67289.bond

ebpage-klzdxrhnazi.shop

eject.lol

rismart.xyz

nfluencer-marketing-72407.bond

ksolotl.xyz

ebsbayrntilrmizin93.xyz

pps-75399.bond

Targets

- Target
  
  Orden #TC108365.pdf.exe
- Size
  
  1.1MB
- MD5
  
  8fe3e4d69f8a455d879aa93adc7bb178
- SHA1
  
  3229dc414ce5368eae31411045bf8c6a87ca42da
- SHA256
  
  e152043da9783ff881930937645b7775847de130e9a2868e19b05a46b76ce963
- SHA512
  
  035fd90771c1e0d8ba7cb3aea80164bb0c736a108419a4a84e5562364df419bde3e70fa8d69514ebae0217485d1ec9ef60e1434142e0a90dd09ffb5a2d6c7012
- SSDEEP
  
  24576:qu6J33O0c+JY5UZ+XC0kGso6FaLxmMdXqGGANWY:cu0c++OCvkGs9FaLAMw1Y
Score

10^/10

formbook at22 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2