formbook

General

Target

cbb82dc50125685fa210511ced2f8ce4012170d4fb273df82b72c715135883b7
Size

559KB
Sample

250129-c9pv5a1pen
MD5

686361b2fc6316e1a88337ce263739db
SHA1

50882df987db89e68a761f2b86897e1686979fff
SHA256

cbb82dc50125685fa210511ced2f8ce4012170d4fb273df82b72c715135883b7
SHA512

2d81a741197a3e9035ae1645f8eba1cd7ee1f8a89e7391fc04679eba823aec1fc36d487e02a70a19741693d8a23e51b1923d930bcdebb55974cc7696825bd20e
SSDEEP

12288:h+ZaUOXzDptRAd16DAmnPGpzXV3foMMQLEkIaglKxM3gKmWP8INXI:h+ZazDZACDAWOpdoMMJkIadKgzpCI

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a38m

Decoy

rtfosters.net

ental-implants-97548.bond

raphic-design-degree-15820.bond

ompraninjas.shop

indmyusedcar.today

rumptraumasupport.net

uozwear.xyz

etron.xyz

dultlivebroadcast09.today

ypegen.net

arehouse-inventory-54057.bond

27961.pizza

ortable-ai.xyz

pioxc.xyz

nline-advertising-76059.bond

rendyshack.store

pa-services88.life

aftarpragmatic218gacor.online

yb1054.shop

8x189.xyz

Targets

- Target
  
  PURCHASE ORDER_QUOTATION.exe
- Size
  
  1.0MB
- MD5
  
  2dd7e760d5fe60a8733f365653848f8e
- SHA1
  
  8c8b8b2b15c5062bf71a9e7f7ca5dbe157c546fd
- SHA256
  
  c46750639d660e92cfb0e41eb1fc67c554589196345e03fe8af00faa1926fbc5
- SHA512
  
  ba96737bb5fec71cd9d53d772680b5af063f4c03a464bc8556df67cffa2993de60a81f1f0c3fb07a2f294934702325947fec203f0be3e54b04102f5ab9099f35
- SSDEEP
  
  24576:/AHnh+eWsN3skA4RV1Hom2KXFmIaoqD+ezzkrY4LuE5:ih+ZkldoPK1XaoqDJv4V
Score

10^/10

formbook a38m discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2