formbook

General

Target

Purchase Order 30 August 2022.xz
Size

24KB
Sample

220830-jqepdadhfp
MD5

afbd07ca37d601bf7e364d79aacdefac
SHA1

1be669de307e46737906bab73b9f0daa967fe242
SHA256

682a3fbe3034ec05e248a6b3fa24c11f75caffe043388ea800829a2172be2f18
SHA512

48c170392b003fb6495467589f6ff3bb41d4a5d1bb58e82bf9143a3597b4c3852756a1420a1c9cce812d78d509dccbb55ce9e8f7df367763726996a9d1c29b94
SSDEEP

384:I1VbqkuNappaNI45alQOeLAJ2GNzo2jRar/pNsdUJuT+vOfRRRx5:IriypC5GUqFp9ar/py8ARRL

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ba17

Decoy

zoltaron.tech

exopets.online

trippingtravel.com

banded.top

shinebrightdesigns.co.uk

djlbb.com

abcsofmindfulness.com

linkaktifasialive88.club

185068.sbs

tjhongguo.com

portaldigi.store

theshoe.club

r-ceive.app

kmwww.top

search-publishing.com

banksmanlights.net

flyonthewallmovie.com

congrulations.website

trnt.store

udajabojka.xyz

Targets

- Target
  
  Purchase Order 30 August 2022-02414291423394140374553.exe
- Size
  
  89KB
- MD5
  
  0c3e17513995f23e55698258b1182ff8
- SHA1
  
  102f3d910b9b5718d32cb53c742321fdbe1f3cf8
- SHA256
  
  54fae569dce7e163b82278e3353f28978511f3af6ef2f444ee5b2034a88af61e
- SHA512
  
  e17a9fbb516248fc44ba6dd3175130151764f6c41b9333037485ed1ddc6941d0a7d86d67efe5a2f7d4c399833ba985e8af49f0a5a8c9cc9fb4446cd9ae47562e
- SSDEEP
  
  768:M5Q7BWvdus8AS2ymNBqPrDhKD+sHmIBPu/5FXa7IkZsdmR/9UfaJAMnHSiU/2C7B:cxBMPtr/d0zRpSZ5adaht
Score

10^/10

formbook ba17 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1

T1130

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Drops startup file

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2