formbook

General

Target

9c79d2e3868fd10e6021deaf8615f427b7bbaa1fdb926263afb3fc6854298ccc
Size

828KB
Sample

250121-s46vfs1kfy
MD5

17786a57a67277e4c22bf983fbf3d877
SHA1

a1448c865c5aa3e1550648978dc21087f3440508
SHA256

9c79d2e3868fd10e6021deaf8615f427b7bbaa1fdb926263afb3fc6854298ccc
SHA512

0a25042c77dc0ba8c4f7a1b9aa32819d4e108e0da43c628f708da7a96da21324436a406a29609f49cb7194a14d5a14b7ace2cbec2d42998d264143ce377b01ff
SSDEEP

24576:pxN2cPKpYE5ExpcPEJwHRpbZOQIJnx0F8yGuaZL8Px5BOPx15:RKpLQ6DZOTJnxm8yGj8PxzO/5

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a38m

Decoy

rtfosters.net

ental-implants-97548.bond

raphic-design-degree-15820.bond

ompraninjas.shop

indmyusedcar.today

rumptraumasupport.net

uozwear.xyz

etron.xyz

dultlivebroadcast09.today

ypegen.net

arehouse-inventory-54057.bond

27961.pizza

ortable-ai.xyz

pioxc.xyz

nline-advertising-76059.bond

rendyshack.store

pa-services88.life

aftarpragmatic218gacor.online

yb1054.shop

8x189.xyz

Targets

- Target
  
  New Order PO#86637.exe
- Size
  
  1.3MB
- MD5
  
  669ac6566f4bf89526d5ff89a8085d64
- SHA1
  
  ea3e169245d04378cecc45e9cbb101d7f2d99d4b
- SHA256
  
  0a44913cdf4b59dd1ddf9221c8d59ff091e235c7183d019f2b945b8a46cca79e
- SHA512
  
  bfe1b2378e9f7fe037259c73721aad315444c1181d4ea8d70e5d65a121c90e94a7744cd60626de82f25d577afef00fa783aa541b29a1c2915f4f09869d0f32d8
- SSDEEP
  
  24576:ztb20pkaCqT5TBWgNQ7avSzU8VlCqyPBSMK7FK4neTaKR4h956A:wVg5tQ7avczvtgBSMKU4nEaKRw5
Score

10^/10

formbook a38m discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2