formbook

General

Target

d4d75559f75b84b857c8f2423c1311043845b02f1ebb4ca6bbe0b41ad8cda821.exe
Size

1.7MB
Sample

250110-el419atnam
MD5

5e87fce7bcc2c37521999ef3df14806a
SHA1

dbaba7033d7e78eb5934d2d8ebeb814ecd9ab68e
SHA256

d4d75559f75b84b857c8f2423c1311043845b02f1ebb4ca6bbe0b41ad8cda821
SHA512

c47a13c15a4f7423bb564c7b19f8170a9a8cb6351b247cbc2a55341e624aee4580cb21ac0a775afa9b43f8340b0dca076b40e87a5d890cab5a42c86f796bf7a4
SSDEEP

24576:hqDEvCTbMWu7rQYlBQcBiT6rprG8aR1AdKVsRz7X58ggdSjWuve:hTvC/MTQYxsWR7aRidKVsRzz5RgE6u

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

no84

Decoy

odalis.solutions

arehouse-inventory-39660.bond

uzcobrands.store

ersonaformosa.net

assiveincome.video

ro-staff-lp.net

aapp.cloud

leaning-jobs-55001.bond

nfluencer-marketing-14840.bond

ebmyadmin.online

djl.info

aulocandotii.info

ecurity-apps-72506.bond

arketwise.sbs

temcellsusa.net

fagame888.net

eelsbalance.online

nternetempauta.online

uivision.net

pfjc.info

Targets

- Target
  
  d4d75559f75b84b857c8f2423c1311043845b02f1ebb4ca6bbe0b41ad8cda821.exe
- Size
  
  1.7MB
- MD5
  
  5e87fce7bcc2c37521999ef3df14806a
- SHA1
  
  dbaba7033d7e78eb5934d2d8ebeb814ecd9ab68e
- SHA256
  
  d4d75559f75b84b857c8f2423c1311043845b02f1ebb4ca6bbe0b41ad8cda821
- SHA512
  
  c47a13c15a4f7423bb564c7b19f8170a9a8cb6351b247cbc2a55341e624aee4580cb21ac0a775afa9b43f8340b0dca076b40e87a5d890cab5a42c86f796bf7a4
- SSDEEP
  
  24576:hqDEvCTbMWu7rQYlBQcBiT6rprG8aR1AdKVsRz7X58ggdSjWuve:hTvC/MTQYxsWR7aRidKVsRzz5RgE6u
Score

10^/10

formbook no84 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2