formbook

General

Target

009ba20b8c436d6b47e991e7a7f5afa3999f34096b3ee207fed916ab53af7c9b.exe
Size

1.1MB
Sample

250202-eel7vstpgv
MD5

69c8862e58dcc753cc52e3f73e36f78c
SHA1

9eaa869bc49a2282ef813d725b0238aca322af26
SHA256

009ba20b8c436d6b47e991e7a7f5afa3999f34096b3ee207fed916ab53af7c9b
SHA512

cbeaa097f55811ebc28c85ae373cf4477325f9bca896279a97189c4722592dcdfaa9636585a8ee4be2c2ef3784c271436c848c307e8ae2788ac5d95daeca08b0
SSDEEP

24576:ZBZt7PQlN9hybaN53lVMD3Wr8w/AulcP7/Y6wnIUYAoUyYNsKqlaO:bZZQVlK3Wa4cT/rFh5++V

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

i62s

Decoy

uamentesaudavel.shop

nio.xyz

rginine12.live

ourmet94goodies.shop

dveo.xyz

epp.xyz

lexbreus.art

nline-gaming-32533.bond

znetio.info

hosaround.net

ecurity-apps-53798.bond

treamtiendat.xyz

ngomoney.online

wig.xyz

ills-au.today

megavine.shop

hatsea.net

nvestore.xyz

pasupplies.online

i-analyst.online

Targets

- Target
  
  009ba20b8c436d6b47e991e7a7f5afa3999f34096b3ee207fed916ab53af7c9b.exe
- Size
  
  1.1MB
- MD5
  
  69c8862e58dcc753cc52e3f73e36f78c
- SHA1
  
  9eaa869bc49a2282ef813d725b0238aca322af26
- SHA256
  
  009ba20b8c436d6b47e991e7a7f5afa3999f34096b3ee207fed916ab53af7c9b
- SHA512
  
  cbeaa097f55811ebc28c85ae373cf4477325f9bca896279a97189c4722592dcdfaa9636585a8ee4be2c2ef3784c271436c848c307e8ae2788ac5d95daeca08b0
- SSDEEP
  
  24576:ZBZt7PQlN9hybaN53lVMD3Wr8w/AulcP7/Y6wnIUYAoUyYNsKqlaO:bZZQVlK3Wa4cT/rFh5++V
Score

10^/10

discovery formbook i62s rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Suspicious use of NtCreateUserProcessOtherParentProcess

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2