formbook

General

Target

4e34261c6c9a13132de0cd35fe7309aae64554beb0021736a1f70e246417d8a5
Size

617KB
Sample

250121-kv6t4awmfk
MD5

0b27203a0fa6da0b62f659b973645043
SHA1

e08c1d869f5f369732fd28840005b9c4df9176f6
SHA256

4e34261c6c9a13132de0cd35fe7309aae64554beb0021736a1f70e246417d8a5
SHA512

8bbd2d476d6306410d5dcc296f70703278df70eb853cda5d330bbe162e14b106e85846dc80e823ac99b68a08f0ffaa0b547c37493dc725e16240adfb49d9c8ac
SSDEEP

12288:sQBha/fHfJ7RmOY0GKOrTH4s8s5bpCOl1jN5ul2p6ZxjfJJjN5waGpO1Qe:sQB0PxIOLI2ebpNg2p6ZxjfJJjTwaG1e

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g10k

Decoy

utomation-tools-91489.bond

nugandshimmer.store

agazalarburada.net

tockfrenzy.sbs

idrift.net

linds-curtains-49899.bond

armonysupport.net

issa.xyz

emza.xyz

animobilya.xyz

les.fun

uckaeth.vip

urusheasycart.shop

xploring6304.xyz

62288.pro

gencies.team

74411.vip

uxit.online

ailygrowth.xyz

errickmarconi.online

Targets

- Target
  
  Order Request.exe
- Size
  
  729KB
- MD5
  
  7946859837ebe9dfaf92cf3d3c17920e
- SHA1
  
  7537e9d4936ec5f8a3ee6fe84d12ba5fe767bec7
- SHA256
  
  662c96f27f4533d72e97b4cffe31be71d810dae4e6c1ac981060c38d3f627142
- SHA512
  
  3f706bf5e95d8229d4d81489d20e8597d7c52565f40c56a4f6150aebe4eba0d6f0aa81e1ce68616b73c43d33ded110008cdb99785525e7e78d560df0ef01021e
- SSDEEP
  
  12288:uKOlbxrN0IO8DfAOUg6OzrJIKSsLPnuOl3jN5MR236znjfDJjN5w+wSnZAb:C/fAO2KEaPnBW236znjfDJjTw+5
Score

10^/10

formbook g10k discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2