formbook

General

Target

dekont.exe
Size

1.3MB
Sample

220914-pgrv8sacd8
MD5

44e152bf429a978efaacc69aaa15f411
SHA1

cbc264cc28e5bb477fbc6675388437309be811f1
SHA256

a96ccfc5b5b64660b986d22b9bcc96cb5e178d3d506893bd24a959a5338a4a32
SHA512

ed5d39f098be6c8c65a54fd9efc16f6dab0bfec9f43be182c2a919a452fc8105b4e852d0230a5ced422bcce9fa8632f488e74b2723ff444b39e827a874fbf883
SSDEEP

24576:rAOcZ8h+hBuGTPvD5H347RiNnyYUkjPV99npuezy71oporahH:t4hXTPL5LNrUkj9fZe6GM

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

se30

Decoy

uniquemallss.com

goldpro.info

votejoebaker.com

b4boy.com

byzlata.space

klinikkeluargapintar.com

hnhaiyue.com

joannahanlon.online

xn--ravn-7ob.com

vinesebieron.site

vupamedia.com

pointersrewardplus.com

millerlandscepe.net

thoitrangtuixach.com

qhhch.com

ukcarbonoffsetting.com

vazxlipnow.xyz

duposio.com

kaablam.com

kangsigi1.com

Targets

- Target
  
  dekont.exe
- Size
  
  1.3MB
- MD5
  
  44e152bf429a978efaacc69aaa15f411
- SHA1
  
  cbc264cc28e5bb477fbc6675388437309be811f1
- SHA256
  
  a96ccfc5b5b64660b986d22b9bcc96cb5e178d3d506893bd24a959a5338a4a32
- SHA512
  
  ed5d39f098be6c8c65a54fd9efc16f6dab0bfec9f43be182c2a919a452fc8105b4e852d0230a5ced422bcce9fa8632f488e74b2723ff444b39e827a874fbf883
- SSDEEP
  
  24576:rAOcZ8h+hBuGTPvD5H347RiNnyYUkjPV99npuezy71oporahH:t4hXTPL5LNrUkj9fZe6GM
Score

10^/10

formbook se30 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2