formbook

General

Target

1acc286c5d6a735c24c9dcf410e4c87d20dcc0d4bfbbc22fc42c8f2c85c80ebb.exe
Size

1.0MB
Sample

250111-cyr64ssjer
MD5

6abeb1392b0f59979d518f5c3d64d696
SHA1

a8b87350df4305a433ebde5264d7f89bae25b408
SHA256

1acc286c5d6a735c24c9dcf410e4c87d20dcc0d4bfbbc22fc42c8f2c85c80ebb
SHA512

f8abb2645f4814ee9b0d5952d24dda1b0d231def5bc9941dbf3fd50d294bfc40daf06e8b92a99f3c13fe257dae86c7bfb5f5d48339287d60f62ab3067513d55c
SSDEEP

24576:VAHnh+eWsN3skA4RV1Hom2KXMmHaY+2+D8rqKTg5:Eh+ZkldoPK8YaY+2+D8qKy

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

x07y

Decoy

oksa.life

utecak.shop

200mzeus.store

hopsphereviral.store

g6fqz07uyhlgwxf.shop

ntentwicket.asia

ele88.buzz

3233.pizza

ataract-surgery-54329.bond

utsidetheguardrails.net

lkpiou.xyz

nline-gaming-56806.bond

arehouse-inventory-23414.bond

sphalt-jobs-98701.bond

p82520.icu

hetopgraded.shop

okoresmi.life

su41k7v.xyz

lwaset.net

onitoring-devices-18459.bond

Targets

- Target
  
  1acc286c5d6a735c24c9dcf410e4c87d20dcc0d4bfbbc22fc42c8f2c85c80ebb.exe
- Size
  
  1.0MB
- MD5
  
  6abeb1392b0f59979d518f5c3d64d696
- SHA1
  
  a8b87350df4305a433ebde5264d7f89bae25b408
- SHA256
  
  1acc286c5d6a735c24c9dcf410e4c87d20dcc0d4bfbbc22fc42c8f2c85c80ebb
- SHA512
  
  f8abb2645f4814ee9b0d5952d24dda1b0d231def5bc9941dbf3fd50d294bfc40daf06e8b92a99f3c13fe257dae86c7bfb5f5d48339287d60f62ab3067513d55c
- SSDEEP
  
  24576:VAHnh+eWsN3skA4RV1Hom2KXMmHaY+2+D8rqKTg5:Eh+ZkldoPK8YaY+2+D8qKy
Score

10^/10

formbook x07y discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2