formbook

General

Target

DHL Consignment Details_pdf.exe
Size

407KB
Sample

221028-k56l3sfehl
MD5

733e85d251ecbc92481f2cb5ea55229b
SHA1

34105be29f430e948aa05485393f7defb381f307
SHA256

1b53c5714322ee87fc3d6d7e513818d009b98fbd68dab63767567b6b22864d4d
SHA512

b410062f8cad5bbcb92b9163d8543519651e18c78a729b52719720cbb60717812536bb458a54c9630b58377bcd0807aed5be0bf0a8e2f812145ea52f93a9d917
SSDEEP

6144:FweEwTKu1gRtv6cWGq9Ye/LydbuHfH+kIkC6uQPQVTMe8jL/MqEC7wkyeeyuU9zO:Mv6cxqye/LqUzIkC/aQBMH7wkfeU9H6

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

d10a

Decoy

tprgamesslot.com

1wautomarketing.shop

jnfc.bar

reelestate.info

coolvenead.buzz

am2pmconstruction.com

casasbh-digital.com

kmzu.info

magabestonline.com

evdirect.net

utaxi.app

gamemakr.tech

klsxofficial.com

qfaw.mom

bwchosting.com

joseli.xyz

carnelianintimates.com

manarnews.site

axacpe.click

pinupmeals.click

Targets

- Target
  
  DHL Consignment Details_pdf.exe
- Size
  
  407KB
- MD5
  
  733e85d251ecbc92481f2cb5ea55229b
- SHA1
  
  34105be29f430e948aa05485393f7defb381f307
- SHA256
  
  1b53c5714322ee87fc3d6d7e513818d009b98fbd68dab63767567b6b22864d4d
- SHA512
  
  b410062f8cad5bbcb92b9163d8543519651e18c78a729b52719720cbb60717812536bb458a54c9630b58377bcd0807aed5be0bf0a8e2f812145ea52f93a9d917
- SSDEEP
  
  6144:FweEwTKu1gRtv6cWGq9Ye/LydbuHfH+kIkC6uQPQVTMe8jL/MqEC7wkyeeyuU9zO:Mv6cxqye/LqUzIkC/aQBMH7wkfeU9H6
Score

10^/10

formbook d10a rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2