formbook

General

Target

be332dbd8e08a4dd3e74b79814ef5a9d3d141a9f16809b78c0775b1b75255727
Size

612KB
Sample

250326-cmzrtazjt3
MD5

cdd51dd4bb941e6525fb82d2dd392c35
SHA1

0df7c6f825127377cede3a62865f6dc7e1c4276e
SHA256

be332dbd8e08a4dd3e74b79814ef5a9d3d141a9f16809b78c0775b1b75255727
SHA512

b1e825e2816646fa03097f4fec44d4845b387f92f888c8b078e34c34c47f4afbb318bb82c9369dc05d89d5b5ba120c521f226e615c4599d8c5b206f872906942
SSDEEP

12288:jgDYSxXJfmOf5jJy+S3c6phz8RAu3RxtXZ8AVFVBmpF5bgHVOw60:jgD/xBa66oRAcRTZ8AVMpk1H

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sa38

Decoy

nguinal-hernia-933151178.click

oodfate.pics

aurafood.shop

esolved.lol

iuif.xyz

opguess.xyz

ocesempremelhor.fun

co2020.net

lotek.club

oshy.tech

heck-buy1101.shop

ooltoken.xyz

ountrywordlick.lifestyle

edical-services-90443.bond

cats.computer

ast-news.net

oroscope-prediction2.today

eb3coin.club

estaccom.net

ali8886.net

Targets

- Target
  
  Attendance Salary- March 2025_pdf.exe
- Size
  
  1.0MB
- MD5
  
  e740d48a80acb9e1dc9d6db2a5168cdd
- SHA1
  
  347bae9058c0d16d1708c53e692ffcc114d2fa9f
- SHA256
  
  3b5e784be046225a8aa044b751ab7ddc4ec59eb00104f2e9a8b0f47ce039ec2b
- SHA512
  
  f86bec3d723ab614ff1db85d92d50420b4b3f6f23297b95e9c42a416691321fc18ea0e6bbbc56fc45cc63b03e8c60b0428a2edaf9b87fdeeda9960a47fb0cfb7
- SSDEEP
  
  24576:1u6J33O0c+JY5UZ+XC0kGso6FajFZwAfu/41v1IWY:Xu0c++OCvkGs9FajFZpfu/4TY
Score

10^/10

formbook sa38 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2