formbook

General

Target

rREVISEDEPDAforAUGUST22-UPDATED_STATEMENT_.exe
Size

1.3MB
Sample

250114-czpsdatqcs
MD5

75a969be7c422af6c6a23ad1ddf5a3d1
SHA1

212b7524b811796cbfc84ab234000a131b349904
SHA256

b73b18876f5bcefc703154fb97f8747b2e385ef0d494e4b7642a0a5879ffe260
SHA512

a19d5de2628f724cb1405cba7b345b35e686d1d182c579cba6b1ed61390495ee0143a0b040b12c975790ac9f9f11672075ad4aca42ed4c2554a6a8f24bed3f6b
SSDEEP

24576:5qDEvCTbMWu7rQYlBQcBiT6rprG8aEw09a/RFr8zHiA:5TvC/MTQYxsWR7aEw4aX8

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a38m

Decoy

rtfosters.net

ental-implants-97548.bond

raphic-design-degree-15820.bond

ompraninjas.shop

indmyusedcar.today

rumptraumasupport.net

uozwear.xyz

etron.xyz

dultlivebroadcast09.today

ypegen.net

arehouse-inventory-54057.bond

27961.pizza

ortable-ai.xyz

pioxc.xyz

nline-advertising-76059.bond

rendyshack.store

pa-services88.life

aftarpragmatic218gacor.online

yb1054.shop

8x189.xyz

Targets

- Target
  
  rREVISEDEPDAforAUGUST22-UPDATED_STATEMENT_.exe
- Size
  
  1.3MB
- MD5
  
  75a969be7c422af6c6a23ad1ddf5a3d1
- SHA1
  
  212b7524b811796cbfc84ab234000a131b349904
- SHA256
  
  b73b18876f5bcefc703154fb97f8747b2e385ef0d494e4b7642a0a5879ffe260
- SHA512
  
  a19d5de2628f724cb1405cba7b345b35e686d1d182c579cba6b1ed61390495ee0143a0b040b12c975790ac9f9f11672075ad4aca42ed4c2554a6a8f24bed3f6b
- SSDEEP
  
  24576:5qDEvCTbMWu7rQYlBQcBiT6rprG8aEw09a/RFr8zHiA:5TvC/MTQYxsWR7aEw4aX8
Score

10^/10

formbook a38m discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2