formbook

General

Target

Supplies Quotes 1029837.exe
Size

692KB
Sample

250205-h56wqsxnfl
MD5

7d7fa5bbd40333dc8d2987e91b119c9a
SHA1

7ed94ccf6d6b42e373c492f6df2bca92a8c2f190
SHA256

be689687f31bdae68fe666068033c3ca36c2169bb27b4a7cf43db71826cb2753
SHA512

083de79338c84a25586ace2c9b7673c40372d992b3a993e01a20113b72288e0a5e450d443fb5aa3ae16b0a38f20b268276f7e824dab1c652f827e97888b20609
SSDEEP

12288:7lEmfEoZ9E8c7jfn/YpfsEDJpHNk7s3BB874BdGjQCSz0R8Khzn3P/:7vMoE8cvnYJ3JpHNMs47MgQVFKhz

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

i62s

Decoy

uamentesaudavel.shop

nio.xyz

rginine12.live

ourmet94goodies.shop

dveo.xyz

epp.xyz

lexbreus.art

nline-gaming-32533.bond

znetio.info

hosaround.net

ecurity-apps-53798.bond

treamtiendat.xyz

ngomoney.online

wig.xyz

ills-au.today

megavine.shop

hatsea.net

nvestore.xyz

pasupplies.online

i-analyst.online

Targets

- Target
  
  Supplies Quotes 1029837.exe
- Size
  
  692KB
- MD5
  
  7d7fa5bbd40333dc8d2987e91b119c9a
- SHA1
  
  7ed94ccf6d6b42e373c492f6df2bca92a8c2f190
- SHA256
  
  be689687f31bdae68fe666068033c3ca36c2169bb27b4a7cf43db71826cb2753
- SHA512
  
  083de79338c84a25586ace2c9b7673c40372d992b3a993e01a20113b72288e0a5e450d443fb5aa3ae16b0a38f20b268276f7e824dab1c652f827e97888b20609
- SSDEEP
  
  12288:7lEmfEoZ9E8c7jfn/YpfsEDJpHNk7s3BB874BdGjQCSz0R8Khzn3P/:7vMoE8cvnYJ3JpHNMs47MgQVFKhz
Score

10^/10

formbook i62s discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2