formbook

General

Target

DOC20220927567890987655608908.exe
Size

447KB
Sample

220928-hdggrsfbg5
MD5

22dca425d7af445a06e6fee563eb64a2
SHA1

76540405155c7bb6bdb1b9324f66be28e465cd95
SHA256

418d4fdf73eed51fbc78b3a5197ba71fd2349524cfb6c312732bb62bdd9fad94
SHA512

6c813775fc3e9972923875c4feca9b1bb00679e7eea281b0f5ab3b1d55f9cfee957f0b66676517b6cff2731552d0860e9126b1e11f700f664bb723ca057a4c3b
SSDEEP

6144:OvgB1Pzb5EZoQTcBkanX7cuVnxuU/ckrpBC0Y3c8r/I2zfdBKi:GgB1PzbNNQu+Wi3pr/Be

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

c1no

Decoy

SKHcqi+am5xGsHiCoXnH

BObxRpdRlNT5GCo3Eg8azNIQ

GPkN2SZ9gJOYqn4iaNIH6d1MRlk=

ZrdQ6Q4zd05LBFWPDc8=

KYQZEtvg85sq1t9jd7kazNIQ

KWu2/CZdnIFgf0p8

YlJ9mWmf+XkCjxzXSw==

nPeaENkZPzjWSh5DJiBVhlrTSx9V

GfUN8rKft59DsH2CoXnH

5ThnVCgjBm96jxzXSw==

pfb0D48Mk38v

uK6V0h16ziJXZuQ3NR8asKzT2Q==

QaxeYCJXoHFvKesgBSozIyC6bkTR8rbF

QT12wt/a0nsdrbY/oSGKqcq2wQ==

vfuiENwZZrvruTm5lHDF

iNsQyVnb3NHbtXyCoXnH

9jjn4jP8RyrjBYwNPvtfPg==

Wz1uwtUpdbrpwZXZq5HpXV7TSx9V

e9+RDvTx9HSZej/7PvtfPg==

oAeNwswNS6QgtnOdmcc=

Targets

- Target
  
  DOC20220927567890987655608908.exe
- Size
  
  447KB
- MD5
  
  22dca425d7af445a06e6fee563eb64a2
- SHA1
  
  76540405155c7bb6bdb1b9324f66be28e465cd95
- SHA256
  
  418d4fdf73eed51fbc78b3a5197ba71fd2349524cfb6c312732bb62bdd9fad94
- SHA512
  
  6c813775fc3e9972923875c4feca9b1bb00679e7eea281b0f5ab3b1d55f9cfee957f0b66676517b6cff2731552d0860e9126b1e11f700f664bb723ca057a4c3b
- SSDEEP
  
  6144:OvgB1Pzb5EZoQTcBkanX7cuVnxuU/ckrpBC0Y3c8r/I2zfdBKi:GgB1PzbNNQu+Wi3pr/Be
Score

10^/10

formbook c1no rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2