formbook

General

Target

cea5d90803c6d7d433e520b7be5e5282020800d7b984514f9675de290644f60d
Size

643KB
Sample

250204-fc6ddswkcw
MD5

4a92434d234c4fa58ab167138ddd34f7
SHA1

c7f98ed4a157aababd988fb1d5a3e288de6c7214
SHA256

cea5d90803c6d7d433e520b7be5e5282020800d7b984514f9675de290644f60d
SHA512

b3d47d681a2fe55a130c9dc888f3ccfb127d6c39203659b02643b78d0ff0f79ed64afb4729f832fbbd2fc85fc796f46d2dacd415ddcc2a8d67ffb0de6643ec55
SSDEEP

12288:69OLGCRB4JIAzoA9M/oBQVl0gRH/x5IYGBISqs5VW+tupAHmoGzGksrnAqwbXHU:69OHIIAMrAEl0gRH/xqYi2AWcgoGYrdV

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

aw63

Decoy

moothwolf.zone

remier-rgv.net

lwfff.fun

ater-leak-4321.click

osyalguzelanadolum.online

ifqyqhc.xyz

fos.center

cciqrdi.xyz

all-center-78598.bond

jcgpmif.xyz

ionttogell.net

58kpwm906r.shop

ook-therapy.net

emenbergcsp.net

ortexioner.digital

ztidqn.info

hazhai.lol

rofood.biz

unzhuo.cfd

r-outsourcing-64055.bond

Targets

- Target
  
  INQUIRY.exe
- Size
  
  689KB
- MD5
  
  f12960960ffcf4c9765daac91377f126
- SHA1
  
  42dd3f85af33aaed082b9cfc53aae76fdc39e418
- SHA256
  
  c52f08e31d55081182366aa8a2a1dde48d8e78f7cdd079fda0d64350dd7162b2
- SHA512
  
  36eede9c13894860363fe81496613529696df757f01d38eb133122cf1026d2901784ad9c2aeffd034136d60067467f9c1c8da0f1c473618cd1e5bda3b23acc42
- SSDEEP
  
  12288:kBX/UcCRbiJIAhoA9MxoBQVl0gRHDx5GYGB6K4s5ZW+tWpAHmuG3GkAr9RrQ2/:kNY4IAereEl0gRHDxcYio2WcYuGgr
Score

10^/10

formbook aw63 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2