formbook

General

Target

44e897b05ea6fc3eff3b2db584a2817cab6ca6e81193396abd21d83ce72fffa5.exe
Size

1.3MB
Sample

250110-ctaq9s1lgr
MD5

202ddedc02150abda9b8679cc21aab02
SHA1

a339199aac187a3eb566ec67f92d67c934eb2235
SHA256

44e897b05ea6fc3eff3b2db584a2817cab6ca6e81193396abd21d83ce72fffa5
SHA512

e0fcd7e781d722589400e9485e0b7170ae8f6694fce2e861cec657f7a98b63c95d99574bbb8fce6a010d9d1f1692c8e36d841ec26b6eb6ac5ce1332c37dab4f7
SSDEEP

24576:fqDEvCTbMWu7rQYlBQcBiT6rprG8aD39wC4fkncmGNz/3yrgc:fTvC/MTQYxsWR7aD3iknc/NT3Z

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a01d

Decoy

eniorshousing05.shop

rywisevas.biz

4726.pizza

itchen-design-42093.bond

3456.tech

4825.plus

nlinecraps.xyz

itamins-52836.bond

nfluencer-marketing-40442.bond

nline-advertising-58573.bond

rautogroups.net

limbtrip.net

oftware-download-14501.bond

nline-advertising-66733.bond

erity.xyz

xknrksi.icu

x-ist.club

yber-security-26409.bond

oincatch.xyz

onitoring-devices-34077.bond

Targets

- Target
  
  44e897b05ea6fc3eff3b2db584a2817cab6ca6e81193396abd21d83ce72fffa5.exe
- Size
  
  1.3MB
- MD5
  
  202ddedc02150abda9b8679cc21aab02
- SHA1
  
  a339199aac187a3eb566ec67f92d67c934eb2235
- SHA256
  
  44e897b05ea6fc3eff3b2db584a2817cab6ca6e81193396abd21d83ce72fffa5
- SHA512
  
  e0fcd7e781d722589400e9485e0b7170ae8f6694fce2e861cec657f7a98b63c95d99574bbb8fce6a010d9d1f1692c8e36d841ec26b6eb6ac5ce1332c37dab4f7
- SSDEEP
  
  24576:fqDEvCTbMWu7rQYlBQcBiT6rprG8aD39wC4fkncmGNz/3yrgc:fTvC/MTQYxsWR7aD3iknc/NT3Z
Score

10^/10

formbook a01d discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2