formbook

General

Target

sample and order.exe
Size

281KB
Sample

221019-q6ywhsbadn
MD5

7dbd6df3ec4fec51110e44dd2122d166
SHA1

078d7b5f3453fcb85908cd9209a07766f613307f
SHA256

cf7fc1a1f8101f89f4b4693b664e96f88febde65bc7c0b5f9dc19ce060c45c84
SHA512

c17ff24eedc17ac985a894f10546761b08965cf5e4c0d7d94466546b8c723cb7140ed37a99be0af64d8abeb1d0092fd16b8e6efe96eecdcb7d62e56d8b9de3c1
SSDEEP

6144:PDRYLF0WnhfA+UOx85VjsXov0Df+FyUzg:rR20Wnt3KsXo8DfCywg

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

hlpq

Decoy

mldSsngjzTHzaBZba069RrUmJw==

f0b/EZNM9UFUVxE=

MDL3b5SzuL6PH/Kikfw=

OudWLtIWZJFGaA==

xXgtQAEmIRjnk2vd+TVnrkpcMA==

HNmBV2fv0mP2gxk=

faeiX5TDOI5ltFsZ

bP0KGLe8mXkxmVkO

VRZeZu3VJs1Q2mET

A9mQgvhLDCUYYg==

TvpiStz3fge+3ZpO73Vj

fBaaUHWI3y02WQXrUa5r

54L6DSGvfeO1tVb9e6sktVDY

yM0Iv3K6hwXriE3Nu+N2eB60w0VNNgo=

obVogUsv0CTETtGGNqAktVDY

zuyrKkdHKGP2gxk=

ZnYxy5BL3u+4qVgkuJufqg==

0P24HCo4h+iuJfKikfw=

gaVk/JEbvFmbJDqNk+s=

bTekCo8Z5gcepjtsjtmGzZ0=

Targets

- Target
  
  sample and order.exe
- Size
  
  281KB
- MD5
  
  7dbd6df3ec4fec51110e44dd2122d166
- SHA1
  
  078d7b5f3453fcb85908cd9209a07766f613307f
- SHA256
  
  cf7fc1a1f8101f89f4b4693b664e96f88febde65bc7c0b5f9dc19ce060c45c84
- SHA512
  
  c17ff24eedc17ac985a894f10546761b08965cf5e4c0d7d94466546b8c723cb7140ed37a99be0af64d8abeb1d0092fd16b8e6efe96eecdcb7d62e56d8b9de3c1
- SSDEEP
  
  6144:PDRYLF0WnhfA+UOx85VjsXov0Df+FyUzg:rR20Wnt3KsXo8DfCywg
Score

10^/10

formbook hlpq rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2