formbook | f57e89942735ce5ecf194ff7161c0c4419b989ce4ce5bed6a8c752315029ecaf | Triage

Sharing

General

Target

f57e89942735ce5ecf194ff7161c0c4419b989ce4ce5bed6a8c752315029ecaf
Size

247KB
Sample

220201-bce4zsedhl
MD5

88f0e6cbe41286dd45151c4de2fd11bc
SHA1

f42629285d102745cd8a557a6b9bacd51314eb08
SHA256

f57e89942735ce5ecf194ff7161c0c4419b989ce4ce5bed6a8c752315029ecaf
SHA512

6a27f0732c4bafaedaaab21f476439e5fd3ff96a7f3df6945e283b0c9650655d0112d53c7d6d61e43aeb5a8b9d176644c101a6b90fc0d62a9d837058f217cead

Score

10^/10

formbook b16b rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b16b

Decoy

starnettingsolution.com

fk-5.com

coincluod.com

signs4pro.com

palladium3d.com

jaritolvanen.com

kinpatu-nadesiko.com

wholebites.net

lunky.online

gotoinfinity.com

ass1st4v41lable4.com

footballshootball.com

arabpov.com

wu6a3gt80pqa.xyz

retrofittunes.com

marchenko-web.space

angelusdai.xyz

festivalgrupohonda.com

qatarairwwys.com

momomelb.com

Targets

- Target
  
  f57e89942735ce5ecf194ff7161c0c4419b989ce4ce5bed6a8c752315029ecaf
- Size
  
  247KB
- MD5
  
  88f0e6cbe41286dd45151c4de2fd11bc
- SHA1
  
  f42629285d102745cd8a557a6b9bacd51314eb08
- SHA256
  
  f57e89942735ce5ecf194ff7161c0c4419b989ce4ce5bed6a8c752315029ecaf
- SHA512
  
  6a27f0732c4bafaedaaab21f476439e5fd3ff96a7f3df6945e283b0c9650655d0112d53c7d6d61e43aeb5a8b9d176644c101a6b90fc0d62a9d837058f217cead
Score

10^/10

formbook b16b rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookb16bratspywarestealertrojan