formbook

General

Target

8dbf32fcd15ebdb72072e9b1e4d44fb82f874ab3f1c648eff56bfd116e38def8.exe
Size

1.1MB
Sample

250111-ezjmgawndj
MD5

23a19678a8e7581a0b8b8ede8922467a
SHA1

df8f5c8eabf5a704f7a42def716d9d57ba0c74a1
SHA256

8dbf32fcd15ebdb72072e9b1e4d44fb82f874ab3f1c648eff56bfd116e38def8
SHA512

a47ff825ff8d29e10b424d142128a465366c6ebd4b979569e9d9065eaca3e2fbd4fee158473c22b0e13383baf1da130d54c78ba693f551042250923e976c1f67
SSDEEP

24576:ou6J33O0c+JY5UZ+XC0kGso6FaqidaP4RZelFWY:Cu0c++OCvkGs9FaqIm4RUiY

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

at22

Decoy

etween-us.online

sphaleia.net

ental-implants-78350.bond

q4a.lat

commerce-97292.bond

linds-curtains-38811.bond

gyptevoyages.net

landofigueroa-abogados.net

cuitis.xyz

hantom.city

yzk.online

afikabmedan.store

ome-remodeling-67289.bond

ebpage-klzdxrhnazi.shop

eject.lol

rismart.xyz

nfluencer-marketing-72407.bond

ksolotl.xyz

ebsbayrntilrmizin93.xyz

pps-75399.bond

Targets

- Target
  
  8dbf32fcd15ebdb72072e9b1e4d44fb82f874ab3f1c648eff56bfd116e38def8.exe
- Size
  
  1.1MB
- MD5
  
  23a19678a8e7581a0b8b8ede8922467a
- SHA1
  
  df8f5c8eabf5a704f7a42def716d9d57ba0c74a1
- SHA256
  
  8dbf32fcd15ebdb72072e9b1e4d44fb82f874ab3f1c648eff56bfd116e38def8
- SHA512
  
  a47ff825ff8d29e10b424d142128a465366c6ebd4b979569e9d9065eaca3e2fbd4fee158473c22b0e13383baf1da130d54c78ba693f551042250923e976c1f67
- SSDEEP
  
  24576:ou6J33O0c+JY5UZ+XC0kGso6FaqidaP4RZelFWY:Cu0c++OCvkGs9FaqIm4RUiY
Score

10^/10

discovery formbook at22 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2