formbook

General

Target

9087b91ca124d9827ca2b823b2d697d6
Size

1.1MB
Sample

221010-nagw1sbeg2
MD5

9087b91ca124d9827ca2b823b2d697d6
SHA1

6fd6455958930cf157d6c2e9492ecaf24680ae88
SHA256

2395ed748a3fbab5f8c9e46e4570eebab43c5f9e395b36fa7b20f99127684653
SHA512

55e050f311a460668c7dda04bb11db5bf1b50cdb9c69dd11dd19f6f4229a2109d0b82f8737f2c8a0c569512eb0701cd17b91366d15e014b80ebf9c6b281f1ac4
SSDEEP

24576:AdC1WgCXcRKdSVyKNAircGNE73VNaEv6S1UIgQOfspf:AdhWK7iE3Roa

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sde7

Decoy

lolfilmfestival.com

pousdaobosque.com

tangierfilm.com

valuedassist.com

qcrluxuryrentals.com

poc4cloudx.com

irizh.art

flowsever.com

serios-lifestyle.com

abc-diomain.com

bmwoemwarehouse.com

vivelamoda.com

thesycorax.online

goodjob129.com

hudyeanamaze.com

pabcp.com

millennialworkouts.com

gpcr-compound-library.com

rotyupin.xyz

hnkcsm.com

Targets

- Target
  
  9087b91ca124d9827ca2b823b2d697d6
- Size
  
  1.1MB
- MD5
  
  9087b91ca124d9827ca2b823b2d697d6
- SHA1
  
  6fd6455958930cf157d6c2e9492ecaf24680ae88
- SHA256
  
  2395ed748a3fbab5f8c9e46e4570eebab43c5f9e395b36fa7b20f99127684653
- SHA512
  
  55e050f311a460668c7dda04bb11db5bf1b50cdb9c69dd11dd19f6f4229a2109d0b82f8737f2c8a0c569512eb0701cd17b91366d15e014b80ebf9c6b281f1ac4
- SSDEEP
  
  24576:AdC1WgCXcRKdSVyKNAircGNE73VNaEv6S1UIgQOfspf:AdhWK7iE3Roa
Score

6^/10

collection
- Accesses Microsoft Outlook profiles
  collection
- Drops file in System32 directory
behavioral1
- Target
  
  Order AU-L0475-500 pdf.arj
- Size
  
  846KB
- MD5
  
  83e4f5b6ada60181baa0265e53c9ff8a
- SHA1
  
  126b748fe73afec0535c2eb866f6f41f297a9499
- SHA256
  
  8c0b7774adb64d0426a101b5a0d5bb1b854ec6ca43a57862e57785c0c0377c37
- SHA512
  
  1aeeeeb4219587e60808c6a152b93fa8dbfe27bf69121438354f3b17403025be9d87801333132de269b652c73b2b894b401245f76bad15af063752434ef7c094
- SSDEEP
  
  24576:1oZu3hhpM+W6Z6ZopW36yzXpL0MB7uiDP9qEummnreI:Fh3MLkw6yzXdlzDP9tuFnreI
Score

3^/10
behavioral2
- Target
  
  Order AU-L0475-500 pdf.exe
- Size
  
  1.1MB
- MD5
  
  2974e9a2f9b31014e74815ec42070a89
- SHA1
  
  c9a17bd1de0d76e5ceffbdd8590268283eaf3338
- SHA256
  
  bca8c5f6c3083869e7faab4c52ab3fcf7010e901b3e0bc48597d9b68c15a3c46
- SHA512
  
  fd8639cfb1b10ee6c38e3799046b926d42e47f81d0cee04cc674e24cc9cfe2b8484623d0863620339cc5cfe35182f04d4dc2e2ac5766a15aa26e5c61934b7cac
- SSDEEP
  
  24576:h1BkrivByG8OO27sVjyzw0epZeM/9xvbtQTH:h58OOQejyzjepHBQ
Score

10^/10

formbook sde7 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral3
- Target
  
  email-plain-1.txt
- Size
  
  416B
- MD5
  
  d459a98f941e8ea1e39db6df73d1d232
- SHA1
  
  c5c0ba4652720f5940dd0713179118269aa99ea4
- SHA256
  
  abdf55a9258a7f1b366568729a47ffce37fcde13a680d04e924045c05dd15d0c
- SHA512
  
  4b7b99e0346195aa9239fd80362eb216b6e2c36e6dd83d2ef1c2e54c8cee7b6d37d0a34ee719b27490937781be044f050f175458bc3e4a6e6a71899424cfc177
Score

1^/10
behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Accesses Microsoft Outlook profiles

Drops file in System32 directory

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4