formbook

General

Target

4C29ECF0655519C8700F3392A1C2C962B523E9DE0D34190B7D85E6C35D731BF2
Size

1.0MB
Sample

250103-jnn52axpaj
MD5

7219e991b1a4822c91639c242baed0fe
SHA1

b30d7f1a38efe698d5a94fa9c70b6e3f21f8439c
SHA256

4c29ecf0655519c8700f3392a1c2c962b523e9de0d34190b7d85e6c35d731bf2
SHA512

330a786b1a7ecaf849761ff9f1b9959e0b572bf7efc7328dc048b9b5cb8b7342f0f1d7fad2a97fe4f25204cb21a218271f7128202f44189bae18865d32f02e87
SSDEEP

24576:YAHnh+eWsN3skA4RV1Hom2KXMmHaMid+s8N5:fh+ZkldoPK8YaM3H

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

as02

Decoy

qwin777.com

robinhoods.live

h3jh-dal.pics

braindeadcopywriting.com

kktcbet1000.com

mpo0463.cfd

raboteshoes.com

ab1718.com

lowcrusiers.com

gregcopelandmusic.com

dkfndch.store

firstclassuni.com

00ewu1ub.com

shunweichemical.com

sugarits.com

marqify.com

mistmajik.com

trezip.online

tinytables.xyz

suestergocoaching.com

Targets

- Target
  
  4C29ECF0655519C8700F3392A1C2C962B523E9DE0D34190B7D85E6C35D731BF2
- Size
  
  1.0MB
- MD5
  
  7219e991b1a4822c91639c242baed0fe
- SHA1
  
  b30d7f1a38efe698d5a94fa9c70b6e3f21f8439c
- SHA256
  
  4c29ecf0655519c8700f3392a1c2c962b523e9de0d34190b7d85e6c35d731bf2
- SHA512
  
  330a786b1a7ecaf849761ff9f1b9959e0b572bf7efc7328dc048b9b5cb8b7342f0f1d7fad2a97fe4f25204cb21a218271f7128202f44189bae18865d32f02e87
- SSDEEP
  
  24576:YAHnh+eWsN3skA4RV1Hom2KXMmHaMid+s8N5:fh+ZkldoPK8YaM3H
Score

10^/10

formbook as02 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2