formbook

General

Target

356b42b6824a606e883de088d6eba39d6aa9f65d6fa6af6c2b0144013d116763
Size

940KB
Sample

250218-jzpwpsynfs
MD5

3bd44d37c8c64efd3a94054c87e27ba3
SHA1

334e92ed8f7f49a76a1ee00bec7fd8903d90e9b3
SHA256

356b42b6824a606e883de088d6eba39d6aa9f65d6fa6af6c2b0144013d116763
SHA512

057fafffb18cee4a0ce9c0295a50900448c992b7a9c395fe40fb6fdbaaf31dc4662afdf891e1b19e6b98e56a3e66193b3726217a5dbff992329af9b7b508f04a
SSDEEP

24576:pqL7IN453L28GRpNq7N6I+1wHGfkLKfd70b:0IN2K8GNied70

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a94w

Decoy

elfast-cruisetours.today

uego.wtf

ealthcare-trends-21256.bond

enpuk.info

ealswithmeaning.net

lumber-jobs-54632.bond

q-test-45673.bond

chmollinger.info

sibot.tech

utomation-tools-92232.bond

urasiindo4dpools.net

tbldg.world

raffitishop.online

mwa.info

iloubloiu-im.monster

agprime.life

yshopva.xyz

onstruction-services-27125.bond

enet.xyz

ontentexclusive.shop

Targets

- Target
  
  356b42b6824a606e883de088d6eba39d6aa9f65d6fa6af6c2b0144013d116763
- Size
  
  940KB
- MD5
  
  3bd44d37c8c64efd3a94054c87e27ba3
- SHA1
  
  334e92ed8f7f49a76a1ee00bec7fd8903d90e9b3
- SHA256
  
  356b42b6824a606e883de088d6eba39d6aa9f65d6fa6af6c2b0144013d116763
- SHA512
  
  057fafffb18cee4a0ce9c0295a50900448c992b7a9c395fe40fb6fdbaaf31dc4662afdf891e1b19e6b98e56a3e66193b3726217a5dbff992329af9b7b508f04a
- SSDEEP
  
  24576:pqL7IN453L28GRpNq7N6I+1wHGfkLKfd70b:0IN2K8GNied70
Score

10^/10

formbook a94w discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2