formbook

General

Target

b225f4ef997754cc29f699ca3a8aa9aa1d39661d7c3dbc6f36a7c7a5bca235ab
Size

1.3MB
Sample

250109-g967ma1rdw
MD5

f53e182f7f72b938a07fa2dedaff7d4c
SHA1

da1d4f6b8f9e4d1ee4471dea17781a352be94c87
SHA256

b225f4ef997754cc29f699ca3a8aa9aa1d39661d7c3dbc6f36a7c7a5bca235ab
SHA512

43c307e58214b16601a0a3a6af2ef426add2356bd17147a1270abaea203abb47ad2efecce09dd4a95450c7a707e4088bf5029713314b993a29b96a5562678207
SSDEEP

24576:ZqDEvCTbMWu7rQYlBQcBiT6rprG8aYLeZnYGANbK9Jr:ZTvC/MTQYxsWR7aYLeZYpNbkJ

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a03d

Decoy

nfluencer-marketing-13524.bond

cebepu.info

lphatechblog.xyz

haoyun.website

itiz.xyz

orld-visa-center.online

si.art

alata.xyz

mmarketing.xyz

elnqdjc.shop

ensentoto.cloud

voyagu.info

onvert.today

1fuli9902.shop

otelhafnia.info

rumpchiefofstaff.store

urvivalflashlights.shop

0090.pizza

ings-hu-13.today

oliticalpatriot.net

Targets

- Target
  
  b225f4ef997754cc29f699ca3a8aa9aa1d39661d7c3dbc6f36a7c7a5bca235ab
- Size
  
  1.3MB
- MD5
  
  f53e182f7f72b938a07fa2dedaff7d4c
- SHA1
  
  da1d4f6b8f9e4d1ee4471dea17781a352be94c87
- SHA256
  
  b225f4ef997754cc29f699ca3a8aa9aa1d39661d7c3dbc6f36a7c7a5bca235ab
- SHA512
  
  43c307e58214b16601a0a3a6af2ef426add2356bd17147a1270abaea203abb47ad2efecce09dd4a95450c7a707e4088bf5029713314b993a29b96a5562678207
- SSDEEP
  
  24576:ZqDEvCTbMWu7rQYlBQcBiT6rprG8aYLeZnYGANbK9Jr:ZTvC/MTQYxsWR7aYLeZYpNbkJ
Score

10^/10

formbook a03d discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2