formbook

General

Target

F2BB1EBAD2E1436DEAA5DE5D110EF668
Size

530KB
Sample

250204-kr3cha1qh1
MD5

f2bb1ebad2e1436deaa5de5d110ef668
SHA1

5514942406f123558024aaf60ad72563e09de5ab
SHA256

25a5bfa90c4638ec693f2fd253604f0c5e0acd120a658b7578861b99861c472f
SHA512

c9a59f6cebf1a02ab54f572391943ff802414f711180e0dd7b31858d5ac3abfa2487a9e2696648034d95c48f2a8657a716fe19bc24ea221d0415755c8f9521c2
SSDEEP

12288:WbButTuHDI77ZZkdFVyIQlQi5wmSKb46I6tmNkf1+SLrg:wBjI7UD3QlQi5W846YN41+SLrg

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

oy30

Decoy

rfc234.top

danielcavalari.com

elperegrinocabo.com

aryor.info

surelistening.com

premium-numero-telf.buzz

orlynyml.click

tennislovers-ro.com

holdmytracker.com

eewapay.com

jaimesinstallglass.com

damactrade.net

swapspecialities.com

perfumesrffd.today

salesfactory.pro

supportive-solutions.com

naiol.com

khoyr.com

kalendeargpt44.com

web-tech-spb.store

Targets

- Target
  
  QYqXYpTo9nLX2kX.exe
- Size
  
  554KB
- MD5
  
  7fda0310485ec8de0a5bc10e1d027284
- SHA1
  
  3ada290a132e69fd88b5c9f8beac4ea2ee3655de
- SHA256
  
  50b35f848446146fece2aef6b039a20230bad0040cdd39084675a466792cff52
- SHA512
  
  6b9b7f0ce3959fab35bb961f53500c5a7ffc605698f765f59d661e4dd07e4408628cd1a0ae24b9cdbcaddce7973fd2154f3730901a3ef0e4cb0c2ddb125a826d
- SSDEEP
  
  12288:hw5d04ufAI2LK5Td3suvB+1rA5fgZQTDVlGF7u2GfGZyVgIRi:y5d+fAtm5p3sceAFgQhgF7ulGZaR
Score

10^/10

formbook oy30 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2