formbook

General

Target

348751b042f967c1fed0c3d665f91b741e61abdfd36233007bc85e9b1dd544c4.zip
Size

626KB
Sample

250116-c2eeesxlcv
MD5

70e0c898645abd558bfecf49610ec650
SHA1

310c8f146850703b50a126b404cdd9d0ce492100
SHA256

348751b042f967c1fed0c3d665f91b741e61abdfd36233007bc85e9b1dd544c4
SHA512

b48fedcdda9f6c9840dc329207e287fe45a58bfb80ecc0ad9469cf051c01b382a14e5751c2681b69f00ad6003db4b93920c900ddc357a198535b421f0035951f
SSDEEP

12288:ghhCCIw6/ae6ZN+6lzAKKpt4paSk0GA8YojWf8mhAlj6:WhC7x/DOtKpTtqMu8m/

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

x07y

Decoy

oksa.life

utecak.shop

200mzeus.store

hopsphereviral.store

g6fqz07uyhlgwxf.shop

ntentwicket.asia

ele88.buzz

3233.pizza

ataract-surgery-54329.bond

utsidetheguardrails.net

lkpiou.xyz

nline-gaming-56806.bond

arehouse-inventory-23414.bond

sphalt-jobs-98701.bond

p82520.icu

hetopgraded.shop

okoresmi.life

su41k7v.xyz

lwaset.net

onitoring-devices-18459.bond

Targets

- Target
  
  BOSCH PAGO HSBC1412025pdf.exe
- Size
  
  1.0MB
- MD5
  
  adbd76d68f892674a1eb95f01e18cd25
- SHA1
  
  624f6a7a3a81780755f895eac9c7b9c851db0bfc
- SHA256
  
  d546cebfb1797b7dec32853b3fec6147fa085159d6d77764dd6e8455ec1a23ae
- SHA512
  
  3e1feaabeb7f6898e3ac39761ebc7182180a5e846187f4f4adbf19550a7953821a281e464a62e3aae0951b4c97bb1abd3643dc14df1c2fb80236b8d8c75d4e8f
- SSDEEP
  
  24576:tAHnh+eWsN3skA4RV1Hom2KXMmHah7uYSUsZ2P5:Mh+ZkldoPK8YahLKo
Score

10^/10

formbook x07y discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2