formbook

General

Target

b4682bd19ad6e524089a166d84401e2bdf904bfeb9d66f96c2d2dc1934fa30e4.r00
Size

562KB
Sample

250205-eqwknsypdw
MD5

74a11e6e5174c2fda4f82492e516fe95
SHA1

07fd600e928304ad691f39b52e27425647f7e667
SHA256

b4682bd19ad6e524089a166d84401e2bdf904bfeb9d66f96c2d2dc1934fa30e4
SHA512

12243061522a610e77ccad0ad266e998a037e972304b8ab13dd28a67366b933219cad19adc3432527a63b76ee34f9c8ba51e36ead64cb0bb3752d7846d345e32
SSDEEP

12288:9eouW/94gmZD7H529yNFr2rqrhUxR1sswe7IByPgEL3:9vuFRH8oJ2mGz2FQIUL3

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a38m

Decoy

rtfosters.net

ental-implants-97548.bond

raphic-design-degree-15820.bond

ompraninjas.shop

indmyusedcar.today

rumptraumasupport.net

uozwear.xyz

etron.xyz

dultlivebroadcast09.today

ypegen.net

arehouse-inventory-54057.bond

27961.pizza

ortable-ai.xyz

pioxc.xyz

nline-advertising-76059.bond

rendyshack.store

pa-services88.life

aftarpragmatic218gacor.online

yb1054.shop

8x189.xyz

Targets

- Target
  
  PO00299436 pdf.exe
- Size
  
  1.0MB
- MD5
  
  81058dec298cc79bdfbc425b81c83ac4
- SHA1
  
  638571e70a20101132659469f2e859db6fc3674b
- SHA256
  
  2f821a2fe9c043b3d733b026c68f56b48ec6dedeb63518590fdcbec615b7919b
- SHA512
  
  895471a1cd02853f7967942771aec0396802a183f565d0c2bd1e3a285c34c54672d72f8667cf7a27e558e9fa5489903924294bde2104f6fa9d5ad480286b592d
- SSDEEP
  
  24576:iAHnh+eWsN3skA4RV1Hom2KXFmIafhOdUYbs5:lh+ZkldoPK1Xafkddm
Score

10^/10

formbook a38m discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2