formbook

General

Target

5b24cd0bee40fbc64c05e75ae25859385403d66e2bfa94cc54e23660586e6f1c
Size

236KB
Sample

221012-th3fksafdm
MD5

c50a2cc60d44200eb6c7573c4c422873
SHA1

0ddc105fdf443d24f56e013e55828ed111df3270
SHA256

5b24cd0bee40fbc64c05e75ae25859385403d66e2bfa94cc54e23660586e6f1c
SHA512

b5bc4deec050a33909eabde3e76f641f30dd97cf6593f34e3920c01ef96512ec6a00a7059a3991d9a0408119829c6794131897c61c60c69c7b694e17002512e4
SSDEEP

6144:qNSGIR41RPlyHW93igGDeT01awFKrQpap:6SGe41BlB93nTOTKaa

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

ugez

Decoy

LgjapC4PTUnlPZWoC2UR5y8=

YMcK0wipjKwrmU7k

L5jlvYmPL3umP9c=

4rk/LiDD0RVVSIeRjZIUL0yl

AGSrXyvwS7a8fQEgidyDSzLHVenNiQ==

AtaekTjB3r2qqTfZQ+nnfLfTpA==

Q9I1IDrVM5RLBER0xA==

NEdf4hHw/2eq

+4rt0uLIddbs7Ndu0w==

heAb+B+SqeStNcPpzt3FhJrTev0=

OZ6kdeZpuv0Y6fXR/wTX

6sB4ZTgDPyMyIl37yOxispUQrOYd6yM=

OiarhHzxBOZn+Yqoi6hAT2mv

tVdc2q/vCrrutQ==

8t1UGhc2L3umP9c=

rJgg1o0wO6Voug==

l4NQQt5dsBqlgcvs

mCeljHYpvxG2NOv3c+XRoEs2O0vhgQ==

a84dAkkSZ2X6NEdbRRAo7yobFJTz

06yBZcaFMnD6SoWoj6hAT2mv

Targets

- Target
  
  5b24cd0bee40fbc64c05e75ae25859385403d66e2bfa94cc54e23660586e6f1c
- Size
  
  236KB
- MD5
  
  c50a2cc60d44200eb6c7573c4c422873
- SHA1
  
  0ddc105fdf443d24f56e013e55828ed111df3270
- SHA256
  
  5b24cd0bee40fbc64c05e75ae25859385403d66e2bfa94cc54e23660586e6f1c
- SHA512
  
  b5bc4deec050a33909eabde3e76f641f30dd97cf6593f34e3920c01ef96512ec6a00a7059a3991d9a0408119829c6794131897c61c60c69c7b694e17002512e4
- SSDEEP
  
  6144:qNSGIR41RPlyHW93igGDeT01awFKrQpap:6SGe41BlB93nTOTKaa
Score

10^/10

formbook ugez rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Blocklisted process makes network request
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2