formbook

General

Target

borgarzy4.1.exe
Size

1.6MB
Sample

250121-m2kxbazmhw
MD5

df85a6fea907176063e6dc8ad2888bfb
SHA1

450837ad62e143afee717c52264e21d253bd2a74
SHA256

28818006253d45c3dd643095a63892bf730611b9347b8f3b930be3efffa908d8
SHA512

c25297581c5e420ac0f092b481c8a54454addc461b97171a69c81a0dfbeec632323e9f8b7d73ee4097078c3bef3ce766f9dcb2df6c898e44b64b064850300c58
SSDEEP

24576:3tb20pkaCqT5TBWgNQ7aeqyfpzUZS5jx7NXL14W1v+GsIZ6A:0Vg5tQ7aahzUZS571xvD5

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

hwu6

Decoy

lf758.vip

locerin-hair.shop

vytech.net

pet-insurance-intl-7990489.live

thepolithat.buzz

d66dr114gl.bond

suv-deals-49508.bond

job-offer-53922.bond

drstone1.click

lebahsemesta57.click

olmanihousel.shop

piedmontcsb.info

trisula888x.top

66sodovna.net

dental-implants-83810.bond

imxtld.club

frozenpines.net

ffgzgbl.xyz

tlc7z.rest

alexismuller.design

Targets

- Target
  
  borgarzy4.1.exe
- Size
  
  1.6MB
- MD5
  
  df85a6fea907176063e6dc8ad2888bfb
- SHA1
  
  450837ad62e143afee717c52264e21d253bd2a74
- SHA256
  
  28818006253d45c3dd643095a63892bf730611b9347b8f3b930be3efffa908d8
- SHA512
  
  c25297581c5e420ac0f092b481c8a54454addc461b97171a69c81a0dfbeec632323e9f8b7d73ee4097078c3bef3ce766f9dcb2df6c898e44b64b064850300c58
- SSDEEP
  
  24576:3tb20pkaCqT5TBWgNQ7aeqyfpzUZS5jx7NXL14W1v+GsIZ6A:0Vg5tQ7aahzUZS571xvD5
Score

10^/10

discovery formbook hwu6 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2