formbook

General

Target

Sales Ordere907.zip
Size

890KB
Sample

250108-n32f5a1mej
MD5

d80d215b72d27785d8eaa5830022e586
SHA1

70b56337da4b1c88e21fdfa5df37fe4c3d6d2178
SHA256

c1f3972f20b1cdf9159f820d96ca2107b054c73d90f229f4bee8683c4fde38d6
SHA512

c60f9fde1e3ee17625a75ba8813db512fdd5428fbcf26f3431d39723cf0c18976f581de9c4eb15dccabe10f738bb5f7c07b2b3fa4f94f0d354c9788e8e2b81d2
SSDEEP

24576:i5Lko1GhVe9P6r1cNAK3CLk8vpY4QBBS9bg:eGCJucWq8vKtBBcbg

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a03d

Decoy

nfluencer-marketing-13524.bond

cebepu.info

lphatechblog.xyz

haoyun.website

itiz.xyz

orld-visa-center.online

si.art

alata.xyz

mmarketing.xyz

elnqdjc.shop

ensentoto.cloud

voyagu.info

onvert.today

1fuli9902.shop

otelhafnia.info

rumpchiefofstaff.store

urvivalflashlights.shop

0090.pizza

ings-hu-13.today

oliticalpatriot.net

Targets

- Target
  
  Sales Ordere907.exe
- Size
  
  1.3MB
- MD5
  
  f53e182f7f72b938a07fa2dedaff7d4c
- SHA1
  
  da1d4f6b8f9e4d1ee4471dea17781a352be94c87
- SHA256
  
  b225f4ef997754cc29f699ca3a8aa9aa1d39661d7c3dbc6f36a7c7a5bca235ab
- SHA512
  
  43c307e58214b16601a0a3a6af2ef426add2356bd17147a1270abaea203abb47ad2efecce09dd4a95450c7a707e4088bf5029713314b993a29b96a5562678207
- SSDEEP
  
  24576:ZqDEvCTbMWu7rQYlBQcBiT6rprG8aYLeZnYGANbK9Jr:ZTvC/MTQYxsWR7aYLeZYpNbkJ
Score

10^/10

formbook a03d discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2