formbook

General

Target

59e8de29b4c037daed8c68ea9cdd7eac9531bdac170e7967ed84e38bd62327c2N.exe
Size

1.3MB
Sample

250115-2cfzdsxmfy
MD5

6e978a92fe81679e6a7a46eb8f5a5480
SHA1

8f2f6114ed14e429fa4e0f1db262adfee67cef3d
SHA256

59e8de29b4c037daed8c68ea9cdd7eac9531bdac170e7967ed84e38bd62327c2
SHA512

38e79b3960cb6c97afa25c8190f054242a1dfd0824afe96974d9746022b95201ca37159af3edeecc0e287d520f16bca0c73173d96195b9fc45491817d6e079fe
SSDEEP

24576:/qDEvCTbMWu7rQYlBQcBiT6rprG8anXU3+JBbD0i+46+wzxH:/TvC/MTQYxsWR7anE3Qd6

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

nw03

Decoy

eniorshousing22.life

kinbar.club

ontovna.fun

endeepro.info

ouchesbaby.online

andscaping-jobs-23499.bond

kylinerental.net

ealthcare-software-62251.bond

arehouse-inventory-48722.bond

gghjcb.bid

pinhere.online

vintekstil.xyz

evitco.store

fcws.xyz

fdifg.icu

utomotivejobs.today

entalveneerscanada504883.icu

d5t.lat

yyl.uno

iffort.shop

Targets

- Target
  
  59e8de29b4c037daed8c68ea9cdd7eac9531bdac170e7967ed84e38bd62327c2N.exe
- Size
  
  1.3MB
- MD5
  
  6e978a92fe81679e6a7a46eb8f5a5480
- SHA1
  
  8f2f6114ed14e429fa4e0f1db262adfee67cef3d
- SHA256
  
  59e8de29b4c037daed8c68ea9cdd7eac9531bdac170e7967ed84e38bd62327c2
- SHA512
  
  38e79b3960cb6c97afa25c8190f054242a1dfd0824afe96974d9746022b95201ca37159af3edeecc0e287d520f16bca0c73173d96195b9fc45491817d6e079fe
- SSDEEP
  
  24576:/qDEvCTbMWu7rQYlBQcBiT6rprG8anXU3+JBbD0i+46+wzxH:/TvC/MTQYxsWR7anE3Qd6
Score

10^/10

formbook nw03 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2