formbook

General

Target

7ADCA6F59D1AF7E6B289A49013D50D0812D180AB900AAF4C434E3C223D3BB142
Size

1.1MB
Sample

250103-jnypgaxpbm
MD5

d2d2c8c56d2345751872f0faf3399ea0
SHA1

8b5dfc70c78fe0fc71a68523ac2d65fd2b7794c8
SHA256

7adca6f59d1af7e6b289a49013d50d0812d180ab900aaf4c434e3c223d3bb142
SHA512

0558b007b38c17864aa1891e09734f44da347ceae8e36d2889a87716024d058744742764673341fffb7298943791dca3aa0ddf31605b041bf80868acca579623
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHawirrIkSPJ+iEh5:gh+ZkldoPK8Yawi/IW

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ot96

Decoy

yclingbear.studio

sxuio.xyz

eon-official-bk-o57v.buzz

teel.management

rusjitu.sbs

ighwald-holdings.info

ummitfinancal.vip

layvalleyconstruction.online

pp-games-efficsecuspon.xyz

ouh.shop

mgltd.services

gshsjwhgsg.fun

eidotijolo.online

yifg.sbs

nline-gaming-ox-mx.xyz

ux-money.info

inergiputraborneo.dev

panish-classes-67016.bond

reightrading.info

23bet.xyz

Targets

- Target
  
  7ADCA6F59D1AF7E6B289A49013D50D0812D180AB900AAF4C434E3C223D3BB142
- Size
  
  1.1MB
- MD5
  
  d2d2c8c56d2345751872f0faf3399ea0
- SHA1
  
  8b5dfc70c78fe0fc71a68523ac2d65fd2b7794c8
- SHA256
  
  7adca6f59d1af7e6b289a49013d50d0812d180ab900aaf4c434e3c223d3bb142
- SHA512
  
  0558b007b38c17864aa1891e09734f44da347ceae8e36d2889a87716024d058744742764673341fffb7298943791dca3aa0ddf31605b041bf80868acca579623
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHawirrIkSPJ+iEh5:gh+ZkldoPK8Yawi/IW
Score

10^/10

formbook ot96 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2