formbook

General

Target

852289dea9e7ab79e1d224cc883cb2f3
Size

550KB
Sample

221010-rlzsraccfk
MD5

852289dea9e7ab79e1d224cc883cb2f3
SHA1

ecf9ddac34b8b38eabbef97f567765092dd93468
SHA256

bedd545eb1a6b4de080020f5520fdef0fbebffba777b9c952ffa8b71fb9ba896
SHA512

7d7714be6bf0b5b192286b332cb0e29f72cafdff11eb37b7390d2b08d3e916d483b97467ca2f162954a6e522049fd9645654b84b4a20194c9459ae79fb175e07
SSDEEP

12288:znnYLlLYhv53Bxj9PHL4y5TZtq/s88lVBjhmfs:LYLlMv53BxhPr42ZZ8gV9hmfs

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

nrln

Decoy

IG7zJSm49UqTTuu/N/oTCIg=

CVLdAPgw0CRSMuZnRRU=

PiA5Z3umP2NyX81VGQhjWyS59nFYhXiG

5i6p4GeQqtBgNRfGNQ==

5984keYswxh8mGZHz4ipAHtQ

VNJaK4Gh0CrOvHpW/p353A==

71rEtrL2icToyKGhcWrTxjsFU5T98zeO

r3q1sy1iZaL+2XIUAob7yw==

9+83Qkrk/vV/jVXsDvoTCIg=

aMFAgYF1prov8/UErH/Y1A==

Alqtx/0rxwEbCLdudftl

ImCbnglBSUHF0mv2tTSP40bPeYao

s4DFNvAJ4GIJ+g==

phOa6mtS8QQICuZnRRU=

7TSu5vqRtB45EZtf4WDSTBHPeYao

ImPWqwUUIVWMQLyMbUab7tmspvNCcT8=

HF7jKjbGox2SAffTPw==

yAM3mOQot5l+cD0ikR5MGp8=

UYzW0/8z70JcQenVLidu1kLPeYao

OoCznp5UWz+hT9OBFXbfVhXPeYao

Targets

- Target
  
  852289dea9e7ab79e1d224cc883cb2f3
- Size
  
  550KB
- MD5
  
  852289dea9e7ab79e1d224cc883cb2f3
- SHA1
  
  ecf9ddac34b8b38eabbef97f567765092dd93468
- SHA256
  
  bedd545eb1a6b4de080020f5520fdef0fbebffba777b9c952ffa8b71fb9ba896
- SHA512
  
  7d7714be6bf0b5b192286b332cb0e29f72cafdff11eb37b7390d2b08d3e916d483b97467ca2f162954a6e522049fd9645654b84b4a20194c9459ae79fb175e07
- SSDEEP
  
  12288:znnYLlLYhv53Bxj9PHL4y5TZtq/s88lVBjhmfs:LYLlMv53BxhPr42ZZ8gV9hmfs
Score

6^/10

collection
- Accesses Microsoft Outlook profiles
  collection
- Drops file in System32 directory
behavioral1
- Target
  
  PO MATADOR_5D6EC - Q7100625010,pdf.iso
- Size
  
  356KB
- MD5
  
  63d1c9619495fa071b4a58b60f6afefc
- SHA1
  
  1eca144780c7f46846460cd60f2ac466292eb750
- SHA256
  
  19e014f1f4ba25babca1251f8a99a8d60f11fccb134d72a119032791cc8a0c17
- SHA512
  
  78892a0d780e97138d2dc6a33778356b700141734958c2b99fe38d0d148aa396ca2ba1fa828cb696b9040346de82d50f643142c556f9f11b9636659c3acf8ef9
- SSDEEP
  
  6144:D5zvytmDRQDh674uJtGKor0eTFlZt6Ej:9z6ARsh239or/FlO
Score

3^/10
behavioral2
- Target
  
  PO MATADOR_5D6EC - Q7100625010,pdf.exe
- Size
  
  295KB
- MD5
  
  acd2efc1047230b3fbbcb3349b875e69
- SHA1
  
  0b537f86fc9bac1ab7a8c15d0931f6ec4a27434c
- SHA256
  
  5313012047344a16ce9ba4a01f43d0bb4330b86a5d80039e6830eb2b1f5323d1
- SHA512
  
  122b28f77cac12900f420904eec899cb602da21133a37016741c39e54836f2d23a2c2333d507c9becb9ac0da8bcab69ec36d1a89039feef9c70f96ae678d8d0c
- SSDEEP
  
  6144:L5zvytmDRQDh674uJtGKor0eTFlZt6Ej:Fz6ARsh239or/FlO
Score

10^/10

formbook nrln rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral3
- Target
  
  email-html-1.txt
- Size
  
  3KB
- MD5
  
  48589b60a1bfc489dae90c5429470f81
- SHA1
  
  245ac40abd2ab7fe05b5419db8a527349c158a80
- SHA256
  
  7d9e96e770f404e34ce4cae87cae3825f449161f98941b0063386925ac43dd84
- SHA512
  
  5854f8458a29bcb797e8639edbd757771b25480d23524921923c8db10648ea2e3125cd04487124c2d4571318bc547ba8e5186d560c3c1bd4f4564433cedbd699
Score

1^/10
behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

System Information Discovery

2

T1082

Query Registry

1

T1012

Lateral Movement

Collection

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Accesses Microsoft Outlook profiles

Drops file in System32 directory

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4