formbook

General

Target

eb4d78c2f2b63ac5364a8a86b93a0ef28c10d5c863b5bfc344e41cc29acd985eN.exe
Size

1.1MB
Sample

241206-lbwepawndr
MD5

bfe1378a69ec98a4b958737ef4fcee70
SHA1

0a97640ccbb63619f24f4d38f22af8dc90743a32
SHA256

eb4d78c2f2b63ac5364a8a86b93a0ef28c10d5c863b5bfc344e41cc29acd985e
SHA512

c949923045ffb37e2e1fe4bded6e6c1608edc7531010f55cb633db415649804de4a7b38b365cf31a2d05a7aaaf63b5dc5a347ef854fcd7fa90e9d2d2816c397d
SSDEEP

24576:Vu6J33O0c+JY5UZ+XC0kGso6Faz+mpj0BGPJerPPkii6WY:3u0c++OCvkGs9Faz+MjgGMbsY

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

at22

Decoy

etween-us.online

sphaleia.net

ental-implants-78350.bond

q4a.lat

commerce-97292.bond

linds-curtains-38811.bond

gyptevoyages.net

landofigueroa-abogados.net

cuitis.xyz

hantom.city

yzk.online

afikabmedan.store

ome-remodeling-67289.bond

ebpage-klzdxrhnazi.shop

eject.lol

rismart.xyz

nfluencer-marketing-72407.bond

ksolotl.xyz

ebsbayrntilrmizin93.xyz

pps-75399.bond

Targets

- Target
  
  eb4d78c2f2b63ac5364a8a86b93a0ef28c10d5c863b5bfc344e41cc29acd985eN.exe
- Size
  
  1.1MB
- MD5
  
  bfe1378a69ec98a4b958737ef4fcee70
- SHA1
  
  0a97640ccbb63619f24f4d38f22af8dc90743a32
- SHA256
  
  eb4d78c2f2b63ac5364a8a86b93a0ef28c10d5c863b5bfc344e41cc29acd985e
- SHA512
  
  c949923045ffb37e2e1fe4bded6e6c1608edc7531010f55cb633db415649804de4a7b38b365cf31a2d05a7aaaf63b5dc5a347ef854fcd7fa90e9d2d2816c397d
- SSDEEP
  
  24576:Vu6J33O0c+JY5UZ+XC0kGso6Faz+mpj0BGPJerPPkii6WY:3u0c++OCvkGs9Faz+MjgGMbsY
Score

10^/10

discovery formbook at22 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2