formbook

General

Target

f5c898ea8aae91ddfba5afe1b4870a86fd19634d6c30a41d3e68fccf18372577.zip
Size

912KB
Sample

250110-evesqa1rbw
MD5

3653de095b0278458760f6edbbe700fb
SHA1

8cd77b917aa173bc1ffc1f99fb318c9ae20d8ba2
SHA256

f5c898ea8aae91ddfba5afe1b4870a86fd19634d6c30a41d3e68fccf18372577
SHA512

5df1463f90e9abc7c6fc02d33933259dee0fa9cb168afa3f7eba8a6a5c8cc760bdaa76b6e435416ce8b062b437fd41c53bfe36f6a8c95f31508e8d521417585e
SSDEEP

24576:n5Lko1GhVe9P6r1cNAK3CL99MO4rkncgGNzXbyXwk8:lGCJucWr4kncBNbbL

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a01d

Decoy

eniorshousing05.shop

rywisevas.biz

4726.pizza

itchen-design-42093.bond

3456.tech

4825.plus

nlinecraps.xyz

itamins-52836.bond

nfluencer-marketing-40442.bond

nline-advertising-58573.bond

rautogroups.net

limbtrip.net

oftware-download-14501.bond

nline-advertising-66733.bond

erity.xyz

xknrksi.icu

x-ist.club

yber-security-26409.bond

oincatch.xyz

onitoring-devices-34077.bond

Targets

- Target
  
  New Purchase Order #98540-00.exe
- Size
  
  1.3MB
- MD5
  
  202ddedc02150abda9b8679cc21aab02
- SHA1
  
  a339199aac187a3eb566ec67f92d67c934eb2235
- SHA256
  
  44e897b05ea6fc3eff3b2db584a2817cab6ca6e81193396abd21d83ce72fffa5
- SHA512
  
  e0fcd7e781d722589400e9485e0b7170ae8f6694fce2e861cec657f7a98b63c95d99574bbb8fce6a010d9d1f1692c8e36d841ec26b6eb6ac5ce1332c37dab4f7
- SSDEEP
  
  24576:fqDEvCTbMWu7rQYlBQcBiT6rprG8aD39wC4fkncmGNz/3yrgc:fTvC/MTQYxsWR7aD3iknc/NT3Z
Score

10^/10

formbook a01d discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2