formbook

General

Target

fce6218eda97d21dc46c3d8042bed93e3d26a9751bcc7aad22cda66b935c3b0d.rar
Size

816KB
Sample

250109-ext1eszrhn
MD5

e02c9fc093c8841471d21017da774c0d
SHA1

3e07740a5a8fa952b0434aaa0409e6021ded115b
SHA256

fce6218eda97d21dc46c3d8042bed93e3d26a9751bcc7aad22cda66b935c3b0d
SHA512

3800755d32bc392f556d61be4f93a6a688a67959579a0a237774b41ec10a9bd1b8f81af2853e6293203d0cd621f69c2f34ed05bd51e7e140b02633f657b85dc0
SSDEEP

24576:qFeHWzlI1lynflJzD74Qy1oNZEAYUWnAv:h6I1l8t5ja+ZEAYov

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a02d

Decoy

coplus.market

oofing-jobs-74429.bond

healchemists.xyz

oofcarpenternearme-jp.xyz

enewebsolutions.online

harepoint.legal

88977.club

omptables.xyz

eat-pumps-31610.bond

endown.graphics

amsexgirls.website

ovevibes.xyz

u-thiensu.online

yblinds.xyz

rumpchiefofstaff.store

erzog.fun

rrm.lat

agiclime.pro

agaviet59.shop

lbdoanhnhan.net

Targets

- Target
  
  newww.exe
- Size
  
  1.3MB
- MD5
  
  38679fcb06dc756b3c54419c716005a9
- SHA1
  
  06580c53336b0fa594443a721ba261c8f1c0ee51
- SHA256
  
  e64639cc4061ca733acf32ca7518b8d30de90f26df61800683dc5817b5237ee2
- SHA512
  
  d1fd881f03e19bcb77b09c13ae8befc77ac3227206c643b7f417c41aac5cb0775b89e402d936da9e51967a0bf495599c2c37766a065811660c00c8c9078a7a82
- SSDEEP
  
  24576:SqDEvCTbMWu7rQYlBQcBiT6rprG8aI4uOGIq1N8ZRMKauEh4p0BU6/+:STvC/MTQYxsWR7aI4J01NsRCuEFF/
Score

10^/10

formbook a02d discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2