formbook

General

Target

yeni sifariş pdf.exe
Size

610KB
Sample

250326-qelf4sv1cz
MD5

614d0911a4db90a2ad750b5ec42640fb
SHA1

d33e0045ad249e4c85452ceac63c3d2bdb1d4df3
SHA256

5ade11c9dbb4f221d73784653c243c629ff804c6a4af5d5c8aad88d64e48a864
SHA512

31dcfd2d93faada4fa359f2c196a3fb7b598fb6c5d33b76595cb33146498978c8a79d73654a126c84315f1b0ba2782238d2ce2d87e0fccdb79e1770035aaadcd
SSDEEP

12288:qYVDa977OqHNNJMvpLP6V/DayvziAQVUg7/mo:qiaRN8LKDLbiAti

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

kk18

Decoy

ampbelltx.info

omovremont.store

haiyaoder.top

18y6s32s.top

ykbai.website

riwh.bid

iuzhou15.top

ibdobreva.art

onfitdentwithkat.net

ransitplus.biz

oymcfaddin.art

zzicasino-21.buzz

essonsandblessings.shop

antappecah001.mom

amilianm.store

ertbz.xyz

ajbke.shop

plate.online

roblemclassified.online

ewssphere.one

Targets

- Target
  
  yeni sifariş pdf.exe
- Size
  
  610KB
- MD5
  
  614d0911a4db90a2ad750b5ec42640fb
- SHA1
  
  d33e0045ad249e4c85452ceac63c3d2bdb1d4df3
- SHA256
  
  5ade11c9dbb4f221d73784653c243c629ff804c6a4af5d5c8aad88d64e48a864
- SHA512
  
  31dcfd2d93faada4fa359f2c196a3fb7b598fb6c5d33b76595cb33146498978c8a79d73654a126c84315f1b0ba2782238d2ce2d87e0fccdb79e1770035aaadcd
- SSDEEP
  
  12288:qYVDa977OqHNNJMvpLP6V/DayvziAQVUg7/mo:qiaRN8LKDLbiAti
Score

10^/10

formbook kk18 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2