formbook

General

Target

RFQ PC25-1301 Product Specifications_PDF.7z
Size

873KB
Sample

250121-mvv4pszke1
MD5

7297413d7b4f8f502ffe24553751f98d
SHA1

42168e3bad92197de796b272fd07ead86a66d59e
SHA256

49ad7ec85c6bd257055d90a7d4e0aeada2e31620b9fc6f36e82f48416c25ce33
SHA512

baf0a88bdd9c6afbc4ccc413f55a8575a3051718ba78a2adc261279bf91b119c57f59d22632d4ec116063a9b20d566e3dca1a677b5a4f9ab9b37533b889c56e3
SSDEEP

24576:FPw0ZO/dZ+KnPL31YTnJRxFpXLb9W1T+e9:yG2nzWTnJ3bSTz9

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

hwu6

Decoy

lf758.vip

locerin-hair.shop

vytech.net

pet-insurance-intl-7990489.live

thepolithat.buzz

d66dr114gl.bond

suv-deals-49508.bond

job-offer-53922.bond

drstone1.click

lebahsemesta57.click

olmanihousel.shop

piedmontcsb.info

trisula888x.top

66sodovna.net

dental-implants-83810.bond

imxtld.club

frozenpines.net

ffgzgbl.xyz

tlc7z.rest

alexismuller.design

Targets

- Target
  
  RFQ PC25-1301 Product Specifications_PDF.7z
- Size
  
  873KB
- MD5
  
  7297413d7b4f8f502ffe24553751f98d
- SHA1
  
  42168e3bad92197de796b272fd07ead86a66d59e
- SHA256
  
  49ad7ec85c6bd257055d90a7d4e0aeada2e31620b9fc6f36e82f48416c25ce33
- SHA512
  
  baf0a88bdd9c6afbc4ccc413f55a8575a3051718ba78a2adc261279bf91b119c57f59d22632d4ec116063a9b20d566e3dca1a677b5a4f9ab9b37533b889c56e3
- SSDEEP
  
  24576:FPw0ZO/dZ+KnPL31YTnJRxFpXLb9W1T+e9:yG2nzWTnJ3bSTz9
Score

1^/10
behavioral1 behavioral2
- Target
  
  RFQ PC25-1301 Product Specifications_PDF.exe
- Size
  
  1.6MB
- MD5
  
  df85a6fea907176063e6dc8ad2888bfb
- SHA1
  
  450837ad62e143afee717c52264e21d253bd2a74
- SHA256
  
  28818006253d45c3dd643095a63892bf730611b9347b8f3b930be3efffa908d8
- SHA512
  
  c25297581c5e420ac0f092b481c8a54454addc461b97171a69c81a0dfbeec632323e9f8b7d73ee4097078c3bef3ce766f9dcb2df6c898e44b64b064850300c58
- SSDEEP
  
  24576:3tb20pkaCqT5TBWgNQ7aeqyfpzUZS5jx7NXL14W1v+GsIZ6A:0Vg5tQ7aahzUZS571xvD5
Score

10^/10

formbook hwu6 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4