formbook

General

Target

b9d684e2aa48529ee87c3b990311e091e94408b07d5cd77e16d0de0023e21405
Size

482KB
Sample

241221-vasrvatkds
MD5

f7967e9d33d845d0f83c3dfc0ae8db38
SHA1

15c27e2b3242189b0bf07018d41d06a8ab7385ee
SHA256

b9d684e2aa48529ee87c3b990311e091e94408b07d5cd77e16d0de0023e21405
SHA512

b144ed6732a6085b2c7ff162b3820db27f515dbc06d6b0f022a66bab48110e3feb4878960f2120492737b35cde72059fea705c5ee527766c2dbb33944eb85cf0
SSDEEP

12288:dA5wTZEaOveXlsh+XciK43e77ysku+EsVRB:HEpeVsUXciK43e3yskuwDB

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

d1n3

Decoy

scrubbinsisters.com

kawuldim.com

pyttoin.xyz

iyraproperties.com

miaurora.net

cricutonlinesales.store

huangsanguai.com

chayaelements.store

giftexpress15.xyz

antiwardrobe.com

wiggly.site

avrecommendwiki.com

galabet472.com

invtips.com

tvpoy.xyz

raidencity.net

ripper66.com

ipoyce.online

xn--h6q362bj4mp5c.com

rooplaza.com

Targets

- Target
  
  542d6e28fa21ca093f75532f1dcdae0b4e4dae956cf4a0256ce28cf8c9ac05e8
- Size
  
  557KB
- MD5
  
  42bde216c83352991cd642907bea67cb
- SHA1
  
  5a8b2814216d8e457d3ceb4c2df0ade4eab2671e
- SHA256
  
  542d6e28fa21ca093f75532f1dcdae0b4e4dae956cf4a0256ce28cf8c9ac05e8
- SHA512
  
  0ea1edfdc216f1625e68399cd3001a7e596ea54b701ca90504c842213e6febf0eeb3d803a7b580e08168282083e1f662cfe60b5553e0a29643d4fc1b3339dc56
- SSDEEP
  
  12288:aRi+dlERmJirAFRWks4n+WqUF6+KloUecMrGRuW/qDeFGVlYiKkvq:rh0FQks4nFqvloU/EgKlYQv
Score

10^/10

formbook d1n3 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2