formbook

General

Target

26062024_1132_25062024_ORDER #8774598644.pdf.xz
Size

583KB
Sample

240626-nnsknssgje
MD5

8857cba15dd5187ef2628a28e02c4a91
SHA1

dafc6b939d879771e76f2dd7d788764202e704f0
SHA256

6d0a79ac97ad96ecfea9b89fe36249dc9eb6cbd2dd60fb46c463ad6d76d7bb02
SHA512

dcb8eb0ce3a984c0ce97c49b5e8f28257ec2c33dab1c62b59a953d05111db47691c037f779de11c4b382294e1d2e3f53a82290ecedc0faf545a02904b5048577
SSDEEP

12288:gQJj3rUkf3pnXcz/ogXjbSSY544KeFeG+/7ZkSFWDTfCboogVj:3rrbRu/SD544KeL+jvWchs

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rn94

Decoy

st68v.xyz

conciergenotary.net

qwechaotk.top

rtpdonatoto29.xyz

8ad.xyz

powermove.top

cameras-30514.bond

vanguardcoffee.shop

umoe53fxc1bsujv.buzz

consultoriamax.net

hplxx.com

ndu.wtf

yzh478c.xyz

bigbrown999.site

xiake07.asia

resdai.xyz

the35678.shop

ba6rf.rest

ceo688.com

phimxhot.xyz

Targets

- Target
  
  ORDER #8774598644.pdf.exe
- Size
  
  1.0MB
- MD5
  
  2d3ee28273908c49fd61b2b682a77d7c
- SHA1
  
  52a9468e0a9815e6d4567de69e0fd46725904e26
- SHA256
  
  7775c0292610f35e3db09d7e06343f212a24e490085ee11f8121fa65db61dcfa
- SHA512
  
  38691df68b324fed73fcbffe369acce07d2ef948dfdedf40802ff73522c32b3c7f57de1a132d1b8d9e8b89f3d3fd1631411228bf2794d3e5a705d6cf349365ed
- SSDEEP
  
  24576:6AHnh+eWsN3skA4RV1Hom2KXMmHathMXQKuyroqVL5:Nh+ZkldoPK8YathMQK5oi
Score

10^/10

formbook rn94 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Drops startup file

Executes dropped EXE

Loads dropped DLL

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2