formbook

General

Target

9f184a39f058cdf0d50fd15f34eb5b7f5d1421db80cb91d9efc829da9d9515e4.exe
Size

889KB
Sample

250111-fbkqasxkdk
MD5

60907b42e4beb3cac3ad1253542ce0c9
SHA1

c2f8333319713aca8740b24816637f36328e8d01
SHA256

9f184a39f058cdf0d50fd15f34eb5b7f5d1421db80cb91d9efc829da9d9515e4
SHA512

b39223428b3bb8b09f2b9753881075790ae47236addadd7dc6213e4e26e11cbc84713b5188f8738130df3147f529b7f945aa233548a27469353d0011ee2631a0
SSDEEP

12288:JE2EdrSrR3yrRGcpAHOaLZrSvwFjo51LtnNfK9sN:JE2E1SrRCr4bXdS4FjS1BA9s

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gd04

Decoy

f5u8utd50.icu

ob-offer-33304.bond

aaf.zone

hoppersrack.store

nline-gaming-33476.bond

isionaryvault.online

ilitary-jobs-88516.bond

iyxym.info

eyes.xyz

refle.xyz

kinsmonlkey.shop

oruu.shop

est2x2.online

nline-advertising-77889.bond

hepresspoolai.xyz

anilaberg.online

reimutigleben.store

anguage-courses-22450.bond

zzt.xyz

kfn.lat

Targets

- Target
  
  9f184a39f058cdf0d50fd15f34eb5b7f5d1421db80cb91d9efc829da9d9515e4.exe
- Size
  
  889KB
- MD5
  
  60907b42e4beb3cac3ad1253542ce0c9
- SHA1
  
  c2f8333319713aca8740b24816637f36328e8d01
- SHA256
  
  9f184a39f058cdf0d50fd15f34eb5b7f5d1421db80cb91d9efc829da9d9515e4
- SHA512
  
  b39223428b3bb8b09f2b9753881075790ae47236addadd7dc6213e4e26e11cbc84713b5188f8738130df3147f529b7f945aa233548a27469353d0011ee2631a0
- SSDEEP
  
  12288:JE2EdrSrR3yrRGcpAHOaLZrSvwFjo51LtnNfK9sN:JE2E1SrRCr4bXdS4FjS1BA9s
Score

10^/10

discovery formbook gd04 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2