formbook

General

Target

CF1E31EDB7BEDF25369DA849FD542383415787A0FC70A7D083E711735962DF4B
Size

1.1MB
Sample

250103-jqsagavmdy
MD5

ce485df14c7c69d923b375cdd00a4d72
SHA1

ec606ce770065755c4f9d5499a9fde04d563809a
SHA256

cf1e31edb7bedf25369da849fd542383415787a0fc70a7d083e711735962df4b
SHA512

673d18bafd2887c586b0cddbbba64d996d188564fe931b00b7f01faa9e441807194068c3b7d07a035caf0dd03718d41c2c479d06057317505c02659b2ef264ff
SSDEEP

24576:pAHnh+eWsN3skA4RV1Hom2KXMmHagViEf1eI/qfLDkQXo5:wh+ZkldoPK8YagXoJLDE

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ph01

Decoy

23888.sbs

zvcj.sbs

raitpourtrait.net

ibraryfarmclub.online

omputercourses123.live

j88.doctor

atsue-color.click

epitalrentgrup.online

rvvpn.lol

i-signals.tech

cr-phoenix.best

frican-safari.online

c-games.zone

oardetest.online

f4md.shop

uke-saaac.buzz

arze.dev

nvestment-services-49610.bond

izatrip.sbs

ameron-paaaa.buzz

Targets

- Target
  
  CF1E31EDB7BEDF25369DA849FD542383415787A0FC70A7D083E711735962DF4B
- Size
  
  1.1MB
- MD5
  
  ce485df14c7c69d923b375cdd00a4d72
- SHA1
  
  ec606ce770065755c4f9d5499a9fde04d563809a
- SHA256
  
  cf1e31edb7bedf25369da849fd542383415787a0fc70a7d083e711735962df4b
- SHA512
  
  673d18bafd2887c586b0cddbbba64d996d188564fe931b00b7f01faa9e441807194068c3b7d07a035caf0dd03718d41c2c479d06057317505c02659b2ef264ff
- SSDEEP
  
  24576:pAHnh+eWsN3skA4RV1Hom2KXMmHagViEf1eI/qfLDkQXo5:wh+ZkldoPK8YagXoJLDE
Score

10^/10

formbook ph01 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2