formbook

Sharing

Copy URL

Twitter E-mail

General

Target

Envio de documento OC016 PAGO192025.Pdf-password(2Qo0Qsm6).zip
Size

867KB
Sample

250114-sgtlls1mev
MD5

eaccce8a63a1cdccd71b6efc8091a339
SHA1

cc9f3f48979e3ee61f1a7a1e94b25d07fe1ed562
SHA256

ddf0e277fe57779b5afcd54250f583e6e3749b13a0afab9f24d761d2969a9eff
SHA512

9a848b59ca9d72810c1c5864a77acb7666a3c497c2d8072216abc4b3adb980360ef179fc4ce29b51449ffee30af33146f7fd6340cc71876c10562fb679b745d9
SSDEEP

12288:fmY9JB+AAxC6IkynCeuXCWy/eVV2SbqahdwtyOyYBufkQZqTzxX20ICiRznqL:fPr41pIkXraeekqaIXufkQwTB22QrY

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

x07y

Decoy

oksa.life

utecak.shop

200mzeus.store

hopsphereviral.store

g6fqz07uyhlgwxf.shop

ntentwicket.asia

ele88.buzz

3233.pizza

ataract-surgery-54329.bond

utsidetheguardrails.net

lkpiou.xyz

nline-gaming-56806.bond

arehouse-inventory-23414.bond

sphalt-jobs-98701.bond

p82520.icu

hetopgraded.shop

okoresmi.life

su41k7v.xyz

lwaset.net

onitoring-devices-18459.bond

Targets

- Target
  
  Envio de documento OC016 PAGO192025.Pdf-password(2Qo0Qsm6).zip
- Size
  
  867KB
- MD5
  
  eaccce8a63a1cdccd71b6efc8091a339
- SHA1
  
  cc9f3f48979e3ee61f1a7a1e94b25d07fe1ed562
- SHA256
  
  ddf0e277fe57779b5afcd54250f583e6e3749b13a0afab9f24d761d2969a9eff
- SHA512
  
  9a848b59ca9d72810c1c5864a77acb7666a3c497c2d8072216abc4b3adb980360ef179fc4ce29b51449ffee30af33146f7fd6340cc71876c10562fb679b745d9
- SSDEEP
  
  12288:fmY9JB+AAxC6IkynCeuXCWy/eVV2SbqahdwtyOyYBufkQZqTzxX20ICiRznqL:fPr41pIkXraeekqaIXufkQwTB22QrY
Score

5^/10

discovery
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  d789879fb4a6c42171f2cb73a8d85d094629eea7ae02f74d55263403b6358ef9.eml
- Size
  
  866KB
- MD5
  
  88c77cc2e6e9d9f6deb1f001910d4c2b
- SHA1
  
  0f6fdcef13a6b1bc7f32598ee6e18693fd5566f6
- SHA256
  
  185a044604b0a636b9da7f2406bfd4524df50287bcf694ed0b085770e5cbdad2
- SHA512
  
  ce8c3add88bec211a1a977bdd1076690f58f18514f57d3ae7cae56680c4abe16e647b9f8019a246d1f6a29d5adaa18253aac6382469a3a493e0206ac1cffbae7
- SSDEEP
  
  24576:p4LWPLhm22nJC1La+XBcnXWRcR3v6QB6IXNq:pm85mWiv6Hz
Score

5^/10

discovery
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  COMPROBANTE FAC PAG 1312025pdf.zip
- Size
  
  630KB
- MD5
  
  7ffa7bd8790d363f6ce75a196fbfaaa3
- SHA1
  
  24988819575beb787dcc8ea750fc7a34212d66d8
- SHA256
  
  f74672bff56ee501992e93951a793b71e7850902a4f25a00616129aa5cad1edc
- SHA512
  
  63d5972b6a5d4a203fbc622cdf09a423f6d8f179200d2b3727945454a01e03981747b051a4b85999837d00f7b9601dad7db6f282ec3feb0377e6f3f00073fc28
- SSDEEP
  
  12288:QXICvZqhH4xGcIKho8cGZOLmBE6tlNuyoisvbXC0AOIUPR7GIzixVx:kIQLGcPhwGZmmBE6XNnRejH1GIzkT
Score

1^/10
behavioral5 behavioral6
- Target
  
  COMPROBANTE FAC PAG 1312025pdf.exe
- Size
  
  1.0MB
- MD5
  
  e4ae748b24c33178f1203895c632daef
- SHA1
  
  9e6bd03f721da74a1412f80ed5615c14ef85434e
- SHA256
  
  920dba5848da51e0cd39ced7ef38fd1640e9aa0142b75a5a957ef7abf879a298
- SHA512
  
  f0e9ee3d27fb29918d5b12f4aa48d66f6fe7ca13081ee1e011ecdac22506b6f45b0095a3c6655d398a9e02a84f7c56441c341a3c37fb432956f5fbde2d5154d3
- SSDEEP
  
  24576:wAHnh+eWsN3skA4RV1Hom2KXMmHaecUtHlGAcg5:nh+ZkldoPK8YaecUtHlB
Score

10^/10

discovery formbook x07y rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral7 behavioral8
- Target
  
  email-plain-1.txt
- Size
  
  48B
- MD5
  
  d0f2e7ecb0fad43a885a6f36a4444615
- SHA1
  
  f8847e3881933da454c9cf1b1dc989d929dc42a7
- SHA256
  
  fc1cb464cd848905de05667e13beba16f7c946a816c3cd0f9f8aeffdec162f54
- SHA512
  
  f73c585f56659f0e29f98f75c5f5bae84d41515bf863fd1edf2ef1d5b4235d6599b80ded9a7e2b147df28adf5368dce66024d741c3c0ce7ed5c00264c7e9b5c8
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

Drops file in System32 directory

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10