formbook

General

Target

DOC-20221004-56789098765560890.exe
Size

469KB
Sample

221007-tb7fyscgg6
MD5

a60d63e3506f2e87c54187b11991f167
SHA1

31be27f9d82878f72d5dc767f2a79a59cd7801c4
SHA256

b70faaa5b11402b410a7bdf2843687d7254b13d2003960c67b92551305205e8e
SHA512

91b022032579247b2eac7e1d5eb676d938bbf45ef03ecd5cf9a9b3e70bd43559496d250c7fa8c566b37d47be4fe9e2148425ea8c0fae964aa3d0a583d5e085c5
SSDEEP

6144:cA1WWblHmR/nQyXJpGWEhcTAjvx8/c/9X4mWSDGTdxf8c1Sta+:dRRmQyZpGxh6yv/9oyMVva

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

c1no

Decoy

SKHcqi+am5xGsHiCoXnH

BObxRpdRlNT5GCo3Eg8azNIQ

GPkN2SZ9gJOYqn4iaNIH6d1MRlk=

ZrdQ6Q4zd05LBFWPDc8=

KYQZEtvg85sq1t9jd7kazNIQ

KWu2/CZdnIFgf0p8

YlJ9mWmf+XkCjxzXSw==

nPeaENkZPzjWSh5DJiBVhlrTSx9V

GfUN8rKft59DsH2CoXnH

5ThnVCgjBm96jxzXSw==

pfb0D48Mk38v

uK6V0h16ziJXZuQ3NR8asKzT2Q==

QaxeYCJXoHFvKesgBSozIyC6bkTR8rbF

QT12wt/a0nsdrbY/oSGKqcq2wQ==

vfuiENwZZrvruTm5lHDF

iNsQyVnb3NHbtXyCoXnH

9jjn4jP8RyrjBYwNPvtfPg==

Wz1uwtUpdbrpwZXZq5HpXV7TSx9V

e9+RDvTx9HSZej/7PvtfPg==

oAeNwswNS6QgtnOdmcc=

Targets

- Target
  
  DOC-20221004-56789098765560890.exe
- Size
  
  469KB
- MD5
  
  a60d63e3506f2e87c54187b11991f167
- SHA1
  
  31be27f9d82878f72d5dc767f2a79a59cd7801c4
- SHA256
  
  b70faaa5b11402b410a7bdf2843687d7254b13d2003960c67b92551305205e8e
- SHA512
  
  91b022032579247b2eac7e1d5eb676d938bbf45ef03ecd5cf9a9b3e70bd43559496d250c7fa8c566b37d47be4fe9e2148425ea8c0fae964aa3d0a583d5e085c5
- SSDEEP
  
  6144:cA1WWblHmR/nQyXJpGWEhcTAjvx8/c/9X4mWSDGTdxf8c1Sta+:dRRmQyZpGxh6yv/9oyMVva
Score

10^/10

formbook c1no rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2