formbook

General

Target

ETA BL PRO987659 FEDHL8998pdf.exe
Size

1.0MB
Sample

250330-xvgw7axlx4
MD5

36a044e6dd5a64160bed8d90f8cca6d3
SHA1

144e1408da99b2776249ecdb2bcf0bc259a2695c
SHA256

3a59a45b9ea6320db9a64910e02ea9d69419977c6dd5841752bae3b4fbbb661c
SHA512

256b902c0a8770ca51ecc4272e2c063c0d3131ee96c328411bd81851eeeef80126c09cc5e6abd3344b57d486bbb8ff2c2a6cce65d8696e41503e4fcf85e1a994
SSDEEP

24576:0Cdxte/80jYLT3U1jfsWaHQ7GKmkCuUHQ:lw80cTsjkWaHQ7VrCuN

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bn02

Decoy

atoto.online

iberdata.xyz

irinevlerbombaci.xyz

ofas-district.world

ar-loans-35530.bond

heneapolis.city

istapro.shop

lectronics-engineering.cfd

pecoincopilot.xyz

ravelconverter.net

td0t.info

ifestylebonus.pro

v-finance.info

uenstigesofas.today

upiterassistant.xyz

vitance.digital

uperstash.xyz

ursing-home-43203.bond

uefana.biz

inegameyz.digital

Targets

- Target
  
  ETA BL PRO987659 FEDHL8998pdf.exe
- Size
  
  1.0MB
- MD5
  
  36a044e6dd5a64160bed8d90f8cca6d3
- SHA1
  
  144e1408da99b2776249ecdb2bcf0bc259a2695c
- SHA256
  
  3a59a45b9ea6320db9a64910e02ea9d69419977c6dd5841752bae3b4fbbb661c
- SHA512
  
  256b902c0a8770ca51ecc4272e2c063c0d3131ee96c328411bd81851eeeef80126c09cc5e6abd3344b57d486bbb8ff2c2a6cce65d8696e41503e4fcf85e1a994
- SSDEEP
  
  24576:0Cdxte/80jYLT3U1jfsWaHQ7GKmkCuUHQ:lw80cTsjkWaHQ7VrCuN
Score

10^/10

formbook bn02 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2