formbook

General

Target

Purchase Order 30 August 2022-02414291423394140374553.exe
Size

89KB
Sample

220830-jqepdadhfn
MD5

0c3e17513995f23e55698258b1182ff8
SHA1

102f3d910b9b5718d32cb53c742321fdbe1f3cf8
SHA256

54fae569dce7e163b82278e3353f28978511f3af6ef2f444ee5b2034a88af61e
SHA512

e17a9fbb516248fc44ba6dd3175130151764f6c41b9333037485ed1ddc6941d0a7d86d67efe5a2f7d4c399833ba985e8af49f0a5a8c9cc9fb4446cd9ae47562e
SSDEEP

768:M5Q7BWvdus8AS2ymNBqPrDhKD+sHmIBPu/5FXa7IkZsdmR/9UfaJAMnHSiU/2C7B:cxBMPtr/d0zRpSZ5adaht

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ba17

Decoy

zoltaron.tech

exopets.online

trippingtravel.com

banded.top

shinebrightdesigns.co.uk

djlbb.com

abcsofmindfulness.com

linkaktifasialive88.club

185068.sbs

tjhongguo.com

portaldigi.store

theshoe.club

r-ceive.app

kmwww.top

search-publishing.com

banksmanlights.net

flyonthewallmovie.com

congrulations.website

trnt.store

udajabojka.xyz

Targets

- Target
  
  Purchase Order 30 August 2022-02414291423394140374553.exe
- Size
  
  89KB
- MD5
  
  0c3e17513995f23e55698258b1182ff8
- SHA1
  
  102f3d910b9b5718d32cb53c742321fdbe1f3cf8
- SHA256
  
  54fae569dce7e163b82278e3353f28978511f3af6ef2f444ee5b2034a88af61e
- SHA512
  
  e17a9fbb516248fc44ba6dd3175130151764f6c41b9333037485ed1ddc6941d0a7d86d67efe5a2f7d4c399833ba985e8af49f0a5a8c9cc9fb4446cd9ae47562e
- SSDEEP
  
  768:M5Q7BWvdus8AS2ymNBqPrDhKD+sHmIBPu/5FXa7IkZsdmR/9UfaJAMnHSiU/2C7B:cxBMPtr/d0zRpSZ5adaht
Score

10^/10

formbook ba17 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Drops startup file

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2