formbook

General

Target

19855889d3ba39e60015fb0ad961abb6
Size

29KB
Sample

220914-nsymgsabc5
MD5

19855889d3ba39e60015fb0ad961abb6
SHA1

c467e184eb9db25f67f01d3dee10da40cef046f0
SHA256

0f611c5d52d7ee3546267a7e89e862f162b9f4329c934920fc52e584205e5844
SHA512

118e075c199c0c13c47015f2704998c44cb1519c80b1edadf62158dfec4c62a92cfdbf365d3e640b2d4a764b97a14a8480eaf1a3b841000b15a89728516c632f
SSDEEP

384:9wS4A3E55eFNp+AIWrtSSIgOZidMRjK2ZuWz7KZZlqU0nN:SS4/Gi+dMRPuWkZlqUyN

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dw85

Decoy

abuojnhszpxw.xyz

mfr-media.info

iamthemessage.net

indianausa.site

pnbifsccode.com

shadita.com

akadabra.store

bvl-corporation.com

hhxxwb.xyz

free-cumshot.com

baariksgallery.com

hzywys1688.com

realthingsonline.com

bakingdesserts.space

dangdog.top

alldrugpharmacy.com

ananiana.com

mevvagroup.com

wiserhill.net

nelledistribution.com

Targets

- Target
  
  INV& Delivery note.doc
- Size
  
  20KB
- MD5
  
  9b2cabb78ef070c73f2e4eada3ee315f
- SHA1
  
  1652cbf85f9089ff7cc3a0eb2149a1010137e052
- SHA256
  
  b5c58a9708d87bdc1b48bc6ed7e4261ddf7115c10d6772197cd8c4e438d674b0
- SHA512
  
  a5403ab76265b6ea9a66b47ede4bf49440de33d738d055ccb1b6dcef26a6d7815aa7b64f329732334d452910684d3f274517711d225917ac6b0a197b4c49b540
- SSDEEP
  
  384:gvR3LRyWfINlVAYWi62vNU7Honij2PErzm5J8Re4zGzsCi:gvRbV6WHi1PEm50jsi
Score

10^/10

formbook dw85 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2