formbook

General

Target

0851e6ab84603b734deef821617fd5d52859f09b1677e6ee72a8325c63601f27
Size

343KB
Sample

241221-v5ztmsvjgy
MD5

c334bbd94e791841d79efdb03f2b6082
SHA1

67619ea8e9929fc5d341f9380d2c90deb2c295b2
SHA256

0851e6ab84603b734deef821617fd5d52859f09b1677e6ee72a8325c63601f27
SHA512

126a93ef1501f9eb5526e3144a053ac03537888d500c52bce14bfe973700dec62176c94b215e90b964a93899f3e5046da2dd4edad94105b27eddacb0d9de8807
SSDEEP

6144:qXYPSjcXyo3nHjKCibJS4wvXzu4uNqOeg8AMrkCLRdw0IcW4eWLyjc9Ybcw:UYPSIlHtPzu4un1cM0IBG5Wbcw

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bg6

Decoy

uvs57.info

perfectpointapparel.com

sportsthrem.com

debowerdesigns.com

wzjs99.com

chothuexenangxecauninhbinh.com

blackkeymanagement.com

verdesonline.com

hezehzxx0530.com

alientechcenterlondon.com

body-suit.com

pcfip.com

perocreations.com

mingary.life

goldengoddessglamour.com

reparmaxpro.com

xn--fiqv1al2p20d348d.com

yourhomehealthcarellc.net

weddingproper.com

felicityhorseclub.com

Targets

- Target
  
  soa.exe
- Size
  
  451KB
- MD5
  
  db7035b451f169a670b56a3a023b18e8
- SHA1
  
  d586fb0dbdfb1a37cf8097c3f11f4db745e9faa9
- SHA256
  
  aeccef59002b851b685cf54307f906c06adb065b68c3eff112f4b0f1442d1349
- SHA512
  
  fc6f4c6321747aa92301f8ac3d01cae40ad5d51df1cf294e179bd866537de0f5cef7f1b17616efbc2194679b7d7eff8b807d9d1ef9dc12331c497cbb4f89d707
- SSDEEP
  
  6144:rr5h1r6lmPMk8X25ahxL4XUhaGFo69nwTge6qG5yjNeQFgv8dKgvW:rrH1GIUk83xLfHSTg5qGIjNeDCKg
Score

10^/10

formbook bg6 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2