formbook

General

Target

Invoice_Tracking_657895995845HKFDHKLFDLKHDFKLFDKHLFDKL89634.exe
Size

277KB
Sample

220919-pjba9sgea2
MD5

adfbf0d0858c2ccf0c3070967f1c5a3e
SHA1

e723c9f072504c3345f91829000ec7d96ac6661a
SHA256

54d71b452ceceb7769f2ab610d157005849ec32aae5544acaa99d08f8d12cd95
SHA512

7c08f20307f27a8f91fdf53efd1280b898e78fbc8382c4b3dd3fc3f7f75204e0c4fafb5e7bc97d53872d46fc3ab72851703c8f0d6e932c407d3b5e6e68f07749
SSDEEP

6144:KAJjLwdO06a3KpeQnaMDCbd9D+E2fCos4OianeAsIJ/8kAG:KjO06IKpRnacCxx+EcCBnbX8kL

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

f4ca

Decoy

QYZ6iE9Y+CsiZpCBareS0uU=

N2FQLAaH6xXE

Vc6t0MQXN+Llxsqg

ElBedmSvYGGm6yLDhHqzAtmlCxWl

4VpIWShqHR5cpjfQ4bs=

mepO9miu/iFiQQ==

Z8Owqh54IlwEpDfQ4bs=

qcq4uT5HecWZG3EVwKTiUE7slrGQGiyo

IaYYoJikKDDqgV/NigZCLA==

4Xz5pfoCCW/76NnOUrFEOw==

xiijSkVJ3Yuh9OKDcmui/d2lCxWl

cr8MmfpCEu0ULsO3p6w=

JLm2yKHo7hdVb8O3p6w=

Hriy5svWm2Qfq9mPQib9jJI65gOr

2G3nkRpidunlxsqg

gPHUAeXmi8Q9ARy3

6l5WaOf8BxhQDkp5gKQ=

KHHiXs4WOqXZdPhpaw==

+UQ5Vz5O0Ms9ARy3

pNQygKu0OziAvjOHRGLnJA==

Targets

- Target
  
  Invoice_Tracking_657895995845HKFDHKLFDLKHDFKLFDKHLFDKL89634.exe
- Size
  
  277KB
- MD5
  
  adfbf0d0858c2ccf0c3070967f1c5a3e
- SHA1
  
  e723c9f072504c3345f91829000ec7d96ac6661a
- SHA256
  
  54d71b452ceceb7769f2ab610d157005849ec32aae5544acaa99d08f8d12cd95
- SHA512
  
  7c08f20307f27a8f91fdf53efd1280b898e78fbc8382c4b3dd3fc3f7f75204e0c4fafb5e7bc97d53872d46fc3ab72851703c8f0d6e932c407d3b5e6e68f07749
- SSDEEP
  
  6144:KAJjLwdO06a3KpeQnaMDCbd9D+E2fCos4OianeAsIJ/8kAG:KjO06IKpRnacCxx+EcCBnbX8kL
Score

10^/10

formbook f4ca rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Blocklisted process makes network request
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2