formbook

General

Target

SecuriteInfo.com.Trojan.DownLoaderNET.447.20977.3617.exe
Size

56KB
Sample

221010-fvt33safe8
MD5

822f84bdd35727d0dc768723f9e45972
SHA1

55329ec8f12ca0456e32ddfeff070c8252b8f5bc
SHA256

82d2378bbc0a4f389e630a970cec55a3e4d2686894df1ca2f505943d458a3d51
SHA512

9998afdf6ade365305b070493ab31257675f4e1d9049682de71f8b5c408e76ab6ca87a753c1aa8f07dc14a03a52d6c473318b6ef50ac3d0edda57a427d27b917
SSDEEP

1536:oAzPpga/eHUTQQQQQQQBdBgN6b5/2kWSC6WLr53Dvas:zTpga/eHUTQQQQQQkdBft/2YWLr53Dys

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

c1no

Decoy

NOAZ1GtFnUx1bqjUWmD6

sUBk3CYAoWuQfq3UWmD6

5vwrVl0msDtpEkYt

VtL6sSoIchhMStcj5DxYbm3FBw==

BKjy1ZxyhhuJ2guPWUI=

eAgklPLAE7zgqOmwRqPNOQLXz1Y=

aApC9n9Zp0ZhObwjLLLUAg1cjsx6Lg==

OrLZYLeFBavC1cD5+A==

jJm87eu4hy/QMbYE/wzDRQLXz1Y=

s63OS5RsBKrY3FurpDZXbm3FBw==

hyxwKsePxJNCwwejbEg=

l5667e2vQOkM4hFPE5yA0Q==

wTtVQBT04YkyoNKoN53GFV9m2hpS

+pzWhBnS26FJqiRyZXQrqR1Ow/1B

d/VHx031x5W2

GjhhiKSDZ/1txQejbEg=

nDhRjp5e9JeQiKzm+gqI41hdV5nFhsI=

ws4wtUMZYA1pEkYt

GazXV6Fr6akfcvxEOcbpTTCmMEq7Jg==

2vAOHufF5MT6VdU=

Targets

- Target
  
  SecuriteInfo.com.Trojan.DownLoaderNET.447.20977.3617.exe
- Size
  
  56KB
- MD5
  
  822f84bdd35727d0dc768723f9e45972
- SHA1
  
  55329ec8f12ca0456e32ddfeff070c8252b8f5bc
- SHA256
  
  82d2378bbc0a4f389e630a970cec55a3e4d2686894df1ca2f505943d458a3d51
- SHA512
  
  9998afdf6ade365305b070493ab31257675f4e1d9049682de71f8b5c408e76ab6ca87a753c1aa8f07dc14a03a52d6c473318b6ef50ac3d0edda57a427d27b917
- SSDEEP
  
  1536:oAzPpga/eHUTQQQQQQQBdBgN6b5/2kWSC6WLr53Dvas:zTpga/eHUTQQQQQQkdBft/2YWLr53Dys
Score

10^/10

formbook c1no rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2