formbook

General

Target

bd8a38d06603be4dafa830f2a5faa9f55b3e24cb692314908dc246adad8c8999.exe
Size

1.1MB
Sample

240625-b6579sxdml
MD5

c8d850146b27ea87e5242f103088ef2d
SHA1

b7425314a1dd4316e2e7038d8cbf6a0a41804855
SHA256

bd8a38d06603be4dafa830f2a5faa9f55b3e24cb692314908dc246adad8c8999
SHA512

c2eaf840856f613cf7e71dbba6f5112c1b09c40cd3b7328322b27a3092229b125230264f7b2db6360bb285a65290d372ec23e74a91f11a10f3e15c2cef285f02
SSDEEP

24576:eAHnh+eWsN3skA4RV1Hom2KXMmHa6ZAXd/HGOeb7r5:Jh+ZkldoPK8Ya6ZAXd/mlbR

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

as02

Decoy

qwin777.com

robinhoods.live

h3jh-dal.pics

braindeadcopywriting.com

kktcbet1000.com

mpo0463.cfd

raboteshoes.com

ab1718.com

lowcrusiers.com

gregcopelandmusic.com

dkfndch.store

firstclassuni.com

00ewu1ub.com

shunweichemical.com

sugarits.com

marqify.com

mistmajik.com

trezip.online

tinytables.xyz

suestergocoaching.com

Targets

- Target
  
  bd8a38d06603be4dafa830f2a5faa9f55b3e24cb692314908dc246adad8c8999.exe
- Size
  
  1.1MB
- MD5
  
  c8d850146b27ea87e5242f103088ef2d
- SHA1
  
  b7425314a1dd4316e2e7038d8cbf6a0a41804855
- SHA256
  
  bd8a38d06603be4dafa830f2a5faa9f55b3e24cb692314908dc246adad8c8999
- SHA512
  
  c2eaf840856f613cf7e71dbba6f5112c1b09c40cd3b7328322b27a3092229b125230264f7b2db6360bb285a65290d372ec23e74a91f11a10f3e15c2cef285f02
- SSDEEP
  
  24576:eAHnh+eWsN3skA4RV1Hom2KXMmHa6ZAXd/HGOeb7r5:Jh+ZkldoPK8Ya6ZAXd/mlbR
Score

10^/10

formbook as02 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2