formbook

General

Target

713a9fc47fde8a6bee7099cd42faa8a00253113d92616abe14fef523cb9e7043.exe
Size

694KB
Sample

241206-jhkweswrfs
MD5

c43a9a71c788d9d04d8f9afb2314a1d8
SHA1

3e54a95c8992a1954c7addce4d04a9caa0bb2487
SHA256

713a9fc47fde8a6bee7099cd42faa8a00253113d92616abe14fef523cb9e7043
SHA512

34422de2cb1518d5944e246aa4dbcc8014bcf6a8af2dfc6acf38eaba494364bb51f9057a859dc31fb516d5a5ced6a40c683cc5b16ffc3e543156644dbe1ddb46
SSDEEP

12288:diIR4R52J+XtONxhwH7L8US0zA50ziWjBoAOIFSDhmAfUq/Wy9jwW7i5IjlMIRH:diIeeDNwH7o+cW9oAbtAMq+y9GIp

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ax19

Decoy

nmarklun.biz

eadithere.net

oytromcm.net

6gu536d.shop

hysicsjunction.online

esistivitysensors.net

ealthcare-software-53940.bond

tupid-edsee.cyou

614.lat

agmart.store

lothesthesale.store

ranopen.info

c1v.lat

owflyingbugs.online

undumimmobilien.net

nline-advertising-57252.bond

orktyper.net

kten10.shop

sadeaguia.net

ouseofnormal.party

Targets

- Target
  
  713a9fc47fde8a6bee7099cd42faa8a00253113d92616abe14fef523cb9e7043.exe
- Size
  
  694KB
- MD5
  
  c43a9a71c788d9d04d8f9afb2314a1d8
- SHA1
  
  3e54a95c8992a1954c7addce4d04a9caa0bb2487
- SHA256
  
  713a9fc47fde8a6bee7099cd42faa8a00253113d92616abe14fef523cb9e7043
- SHA512
  
  34422de2cb1518d5944e246aa4dbcc8014bcf6a8af2dfc6acf38eaba494364bb51f9057a859dc31fb516d5a5ced6a40c683cc5b16ffc3e543156644dbe1ddb46
- SSDEEP
  
  12288:diIR4R52J+XtONxhwH7L8US0zA50ziWjBoAOIFSDhmAfUq/Wy9jwW7i5IjlMIRH:diIeeDNwH7o+cW9oAbtAMq+y9GIp
Score

10^/10

formbook ax19 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2