formbook

General

Target

mejor oferta de precio.zip
Size

702KB
Sample

220914-pjjbwaeabp
MD5

5a5fc3a09fd3037fc022e43568fa705f
SHA1

bbbc5c9f7ad8f913d67c88563dad85f05b556148
SHA256

1c34f2411e9563cc5aac4b8c87bc872adc315fbfac9c8a6226e34ad0e94c20a3
SHA512

8181e3859f0e682290adde5296663714bf89e537b6e8cdfcd19d8930c4587046bfec9f1a9b3144eb6e6f6e03fc3b67cfcb4ce73bcf0c252f9d6f3ae04d347492
SSDEEP

12288:7t4GpQ0I+lxzZs2ecflZfRcbKv+U9q9vEwaiaNDg3v5tiAcV:7t4GS0XZs2NdZ5cb6+UwFaiaNimV

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ng04

Decoy

tevimaq.com

easterspecialtystore.com

smartlever.tech

10312.uk

tanjawiharbi.co.uk

471338.com

horusventure.com

empress-care.com

sinrian.com

465951.com

aemsti.com

nxcourier.com

stargatefarms.com

lalyquainvestment.com

dailysportsadvice.com

justlistmoore.com

stoneonroll.online

tatianakolomiets.com

barcodebbm.com

protectorship.world

Targets

- Target
  
  mejor oferta de precio.exe
- Size
  
  978KB
- MD5
  
  69aa40391440a87ccb0c3213639998fa
- SHA1
  
  b671531bd2bcfcd7a293cadfb3ea7195aa266123
- SHA256
  
  581df810fb540634d65235f4af36def9fc32c43d1e76dcdd5d9a845b8f3e4de5
- SHA512
  
  522cd67152e57cf7679490ea99ac0f3a9510ba5c0281d4b80d6163835c8c95855e1509358531de0b1e00cfbb806616af4cb5897938bcc9e216c74c2047808cf2
- SSDEEP
  
  12288:/HhV7uikFg0QxfrGbG3Gcnq7DEw4c0NLeFZzz2Ac1:Phlubg9xDGbEGc2J4c0NUo
Score

10^/10

formbook ng04 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2