formbook

General

Target

b50f7a9f1d86f988e480374a6f2bf9a9ed5773db6b2a6e84c4713748ec7a1271.exe
Size

1.0MB
Sample

250327-dyagqswyhz
MD5

df30c4108b16e9b4bc8c114b77fe3f51
SHA1

45816e511331aa682679eaf7246b71288c0ca5c4
SHA256

b50f7a9f1d86f988e480374a6f2bf9a9ed5773db6b2a6e84c4713748ec7a1271
SHA512

872955db63f85b52d963ac4346d28a3af1a53765fa3e87f84aa3808699278ae4f4ac6351da8a8ef1920c6f4a383f73eb75bfc137a8988521059ffeeea95658c2
SSDEEP

24576:Ju6J33O0c+JY5UZ+XC0kGso6FaVnt0KI9dOtVmVJWY:ru0c++OCvkGs9FaVnt0KI9dkVmmY

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bopi

Decoy

llink.net

monitoring-devices-79097.bond

fitdad.fitness

moutonneuropenihal.cloud

age-spot-treatment-89993.bond

online-advertising-64131.bond

work-abroad-30072.bond

gamefislot.xyz

tp11okebet303.xyz

rolexoff-watch.vip

office-space-26524.bond

ethgirls.xyz

protypepuggedpumpers.cloud

danielortega.dev

emerm.autos

appkanal-web.biz

paradisepsychotherapy.net

appalachiangunrange.club

zorahthyart.xyz

stratcte.shop

Targets

- Target
  
  b50f7a9f1d86f988e480374a6f2bf9a9ed5773db6b2a6e84c4713748ec7a1271.exe
- Size
  
  1.0MB
- MD5
  
  df30c4108b16e9b4bc8c114b77fe3f51
- SHA1
  
  45816e511331aa682679eaf7246b71288c0ca5c4
- SHA256
  
  b50f7a9f1d86f988e480374a6f2bf9a9ed5773db6b2a6e84c4713748ec7a1271
- SHA512
  
  872955db63f85b52d963ac4346d28a3af1a53765fa3e87f84aa3808699278ae4f4ac6351da8a8ef1920c6f4a383f73eb75bfc137a8988521059ffeeea95658c2
- SSDEEP
  
  24576:Ju6J33O0c+JY5UZ+XC0kGso6FaVnt0KI9dOtVmVJWY:ru0c++OCvkGs9FaVnt0KI9dkVmmY
Score

10^/10

formbook bopi discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2