formbook

General

Target

newww.exe
Size

1.3MB
Sample

250108-swd5gavjfs
MD5

38679fcb06dc756b3c54419c716005a9
SHA1

06580c53336b0fa594443a721ba261c8f1c0ee51
SHA256

e64639cc4061ca733acf32ca7518b8d30de90f26df61800683dc5817b5237ee2
SHA512

d1fd881f03e19bcb77b09c13ae8befc77ac3227206c643b7f417c41aac5cb0775b89e402d936da9e51967a0bf495599c2c37766a065811660c00c8c9078a7a82
SSDEEP

24576:SqDEvCTbMWu7rQYlBQcBiT6rprG8aI4uOGIq1N8ZRMKauEh4p0BU6/+:STvC/MTQYxsWR7aI4J01NsRCuEFF/

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a02d

Decoy

coplus.market

oofing-jobs-74429.bond

healchemists.xyz

oofcarpenternearme-jp.xyz

enewebsolutions.online

harepoint.legal

88977.club

omptables.xyz

eat-pumps-31610.bond

endown.graphics

amsexgirls.website

ovevibes.xyz

u-thiensu.online

yblinds.xyz

rumpchiefofstaff.store

erzog.fun

rrm.lat

agiclime.pro

agaviet59.shop

lbdoanhnhan.net

Targets

- Target
  
  newww.exe
- Size
  
  1.3MB
- MD5
  
  38679fcb06dc756b3c54419c716005a9
- SHA1
  
  06580c53336b0fa594443a721ba261c8f1c0ee51
- SHA256
  
  e64639cc4061ca733acf32ca7518b8d30de90f26df61800683dc5817b5237ee2
- SHA512
  
  d1fd881f03e19bcb77b09c13ae8befc77ac3227206c643b7f417c41aac5cb0775b89e402d936da9e51967a0bf495599c2c37766a065811660c00c8c9078a7a82
- SSDEEP
  
  24576:SqDEvCTbMWu7rQYlBQcBiT6rprG8aI4uOGIq1N8ZRMKauEh4p0BU6/+:STvC/MTQYxsWR7aI4J01NsRCuEFF/
Score

10^/10

discovery formbook a02d rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2