formbook

General

Target

file.exe
Size

73KB
Sample

221102-d7l7wshad7
MD5

9f3d2f161ab12215d8127143188fadc6
SHA1

2fa3f6914fe95ebd19d6395fed3296dee351ec56
SHA256

42ff33d8a2c198145c876fbfab4855fa43faaf292d10c73f144619c34714f97e
SHA512

b2cad85987c0b431323396a68a609422a7665033f25f43fb7e2430b192eafe00d375ce8b518385b962d0b4601ac170184096f5b5015e536c5cf0419fa22c5d61
SSDEEP

1536:4WmCpPvpguzG3Uj/mvaVaDLGnsyjLixPd:4W3PLzUSmvaVaDLGnsyPA

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

tu7g

Decoy

fbbktzFKN8MB1h8=

FPidEXGfkl0WqgXoVhHehw==

iHEjIL7XwJdpN6Er4Evhu03o

fHQTMsjqD3cPpQ==

VDXmCsr22oYhshz/Fg305nF21Q==

j4ZHfk5rRf6tVtwbMRU=

AORqAXKWy4R+//VwFdB6VVk=

9PW0Yw9RkIfer5+/bum7nlxwy1QfDQ==

ZU8mUjRgSOn3d0eFD3puQgVpnaAj

nlHgT2aJaMMB1h8=

+qc6XcgwdjVsEgKQ2zT+

/gCHJbBZrWjx1OZN40Hhu03o

48dX+WeLWAjFZMR2lItP8bJ87X4=

+N6H9VVzix7uogI=

Jf/NAPQe+8we7uftVhHehw==

YmANk8T+ix7uogI=

GTKxpLAYsJTl

pT8FM/QacYAV/+VInxn0

8JAnF9PnyZA29xH3Iw==

8ZdFPhCvGxYBxRCTqtB6VVk=

Targets

- Target
  
  file.exe
- Size
  
  73KB
- MD5
  
  9f3d2f161ab12215d8127143188fadc6
- SHA1
  
  2fa3f6914fe95ebd19d6395fed3296dee351ec56
- SHA256
  
  42ff33d8a2c198145c876fbfab4855fa43faaf292d10c73f144619c34714f97e
- SHA512
  
  b2cad85987c0b431323396a68a609422a7665033f25f43fb7e2430b192eafe00d375ce8b518385b962d0b4601ac170184096f5b5015e536c5cf0419fa22c5d61
- SSDEEP
  
  1536:4WmCpPvpguzG3Uj/mvaVaDLGnsyjLixPd:4W3PLzUSmvaVaDLGnsyPA
Score

10^/10

formbook tu7g rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Blocklisted process makes network request
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2