formbook

General

Target

c419a459e0f21efa0a4df35367d1607d5999dbc28a325b9da61ed3f5f9b9ba3a.exe
Size

1.1MB
Sample

250124-gjp6essrew
MD5

e2fec48293a8580213ee6fa61b37b776
SHA1

00751d38864cfe890150b2e4d1bcd05c09bc80bc
SHA256

c419a459e0f21efa0a4df35367d1607d5999dbc28a325b9da61ed3f5f9b9ba3a
SHA512

6c580cbf6c8c9ae57f9ec67af61fed731de25c5a56a1668949b722e79a31f83e89f8a5d5deab5939cba156631842fb5134fbb722d8b1c6ca6d94f0a7e9951a55
SSDEEP

24576:uRmJkcoQricOIQxiZY1iaCCudvbmcRXrAd9FTlHDKJ:7JZoQrbTFZY1iaCvpmcprAd9FTtM

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a38m

Decoy

rtfosters.net

ental-implants-97548.bond

raphic-design-degree-15820.bond

ompraninjas.shop

indmyusedcar.today

rumptraumasupport.net

uozwear.xyz

etron.xyz

dultlivebroadcast09.today

ypegen.net

arehouse-inventory-54057.bond

27961.pizza

ortable-ai.xyz

pioxc.xyz

nline-advertising-76059.bond

rendyshack.store

pa-services88.life

aftarpragmatic218gacor.online

yb1054.shop

8x189.xyz

Targets

- Target
  
  c419a459e0f21efa0a4df35367d1607d5999dbc28a325b9da61ed3f5f9b9ba3a.exe
- Size
  
  1.1MB
- MD5
  
  e2fec48293a8580213ee6fa61b37b776
- SHA1
  
  00751d38864cfe890150b2e4d1bcd05c09bc80bc
- SHA256
  
  c419a459e0f21efa0a4df35367d1607d5999dbc28a325b9da61ed3f5f9b9ba3a
- SHA512
  
  6c580cbf6c8c9ae57f9ec67af61fed731de25c5a56a1668949b722e79a31f83e89f8a5d5deab5939cba156631842fb5134fbb722d8b1c6ca6d94f0a7e9951a55
- SSDEEP
  
  24576:uRmJkcoQricOIQxiZY1iaCCudvbmcRXrAd9FTlHDKJ:7JZoQrbTFZY1iaCvpmcprAd9FTtM
Score

10^/10

formbook a38m discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2