formbook

General

Target

f74672bff56ee501992e93951a793b71e7850902a4f25a00616129aa5cad1edc.zip
Size

630KB
Sample

250115-efpdlsznav
MD5

7ffa7bd8790d363f6ce75a196fbfaaa3
SHA1

24988819575beb787dcc8ea750fc7a34212d66d8
SHA256

f74672bff56ee501992e93951a793b71e7850902a4f25a00616129aa5cad1edc
SHA512

63d5972b6a5d4a203fbc622cdf09a423f6d8f179200d2b3727945454a01e03981747b051a4b85999837d00f7b9601dad7db6f282ec3feb0377e6f3f00073fc28
SSDEEP

12288:QXICvZqhH4xGcIKho8cGZOLmBE6tlNuyoisvbXC0AOIUPR7GIzixVx:kIQLGcPhwGZmmBE6XNnRejH1GIzkT

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

x07y

Decoy

oksa.life

utecak.shop

200mzeus.store

hopsphereviral.store

g6fqz07uyhlgwxf.shop

ntentwicket.asia

ele88.buzz

3233.pizza

ataract-surgery-54329.bond

utsidetheguardrails.net

lkpiou.xyz

nline-gaming-56806.bond

arehouse-inventory-23414.bond

sphalt-jobs-98701.bond

p82520.icu

hetopgraded.shop

okoresmi.life

su41k7v.xyz

lwaset.net

onitoring-devices-18459.bond

Targets

- Target
  
  COMPROBANTE FAC PAG 1312025pdf.exe
- Size
  
  1.0MB
- MD5
  
  e4ae748b24c33178f1203895c632daef
- SHA1
  
  9e6bd03f721da74a1412f80ed5615c14ef85434e
- SHA256
  
  920dba5848da51e0cd39ced7ef38fd1640e9aa0142b75a5a957ef7abf879a298
- SHA512
  
  f0e9ee3d27fb29918d5b12f4aa48d66f6fe7ca13081ee1e011ecdac22506b6f45b0095a3c6655d398a9e02a84f7c56441c341a3c37fb432956f5fbde2d5154d3
- SSDEEP
  
  24576:wAHnh+eWsN3skA4RV1Hom2KXMmHaecUtHlGAcg5:nh+ZkldoPK8YaecUtHlB
Score

10^/10

formbook x07y discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2