formbook

General

Target

346E804F385A59DEED6EEEFAC709FFD18468BBEFD31A62B3ADAD7232BA5E6245
Size

1.0MB
Sample

250103-jpsvlsvlev
MD5

d21e850ec672153fc40406d9307be42b
SHA1

fd56cf57e537b7e24c416bb60cb278320c42a57a
SHA256

346e804f385a59deed6eeefac709ffd18468bbefd31a62b3adad7232ba5e6245
SHA512

614d3280893562c9dde062ccd453d3c2306ec7b9538ce06f8d6eb54285c3987385ac1fd4d039c234ca29b6a08fac9d6bde4e15be200e156f754ab8b388dafdf9
SSDEEP

24576:Q4lavt0LkLL9IMixoEgeaHdf91hplyQxbKq9MmCS:Hkwkn9IMHeaHdlnyQxOaPCS

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

kr28

Decoy

8pehzswy1.com

charliebluewellness.net

telehealthtravel.com

d6ir07.vip

consciouscapital.observer

and-good.world

metapod.fm

ereccprime.us

nihb.tokyo

tsbot.us

lkbc.store

lev-casino-qjm.buzz

freshfit.co.za

novinlopik.store

surrealfurrealart.com

endless-garage.com

newlaunchinthane.co.in

diamondtalesstore.com

yooyarkyoodai.com

hippomarketplace.shop

Targets

- Target
  
  346E804F385A59DEED6EEEFAC709FFD18468BBEFD31A62B3ADAD7232BA5E6245
- Size
  
  1.0MB
- MD5
  
  d21e850ec672153fc40406d9307be42b
- SHA1
  
  fd56cf57e537b7e24c416bb60cb278320c42a57a
- SHA256
  
  346e804f385a59deed6eeefac709ffd18468bbefd31a62b3adad7232ba5e6245
- SHA512
  
  614d3280893562c9dde062ccd453d3c2306ec7b9538ce06f8d6eb54285c3987385ac1fd4d039c234ca29b6a08fac9d6bde4e15be200e156f754ab8b388dafdf9
- SSDEEP
  
  24576:Q4lavt0LkLL9IMixoEgeaHdf91hplyQxbKq9MmCS:Hkwkn9IMHeaHdlnyQxOaPCS
Score

10^/10

discovery formbook kr28 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2