formbook | 53495ecf8b97a44f42431f7a069d6d993728788af54c20ce7ece289640c3e1c9 | Triage

Sharing

General

Target

53495ecf8b97a44f42431f7a069d6d993728788af54c20ce7ece289640c3e1c9
Size

357KB
Sample

221121-r6j8sshg31
MD5

8babf47c462b4c9dc2e4331d2cbbce2b
SHA1

9b3f3e7ab491450cfb595584d316a48cdf6c9138
SHA256

53495ecf8b97a44f42431f7a069d6d993728788af54c20ce7ece289640c3e1c9
SHA512

518c2fa8b1ec096079cbc54f49c0ce8df7a1e0c8c590c4e993e8013cc17f565cc125e9441c80c946bbfd4e7aa7e3741f7c9cc8c8a3d0eae171c8ea76e68c461a
SSDEEP

6144:HEa0eDyf/UBrohN9DYGWKkmHiQIKXNa6OltJae/Sa+tSV93niGBk:LdNGWKhcltJatSf3n/k

Score

10^/10

formbook sk19 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sk19

Decoy

21diasdegratitud.com

kx1993.com

chasergt.com

837news.com

naturagent.co.uk

gatorinsurtech.com

iyaboolashilesblog.africa

jamtanganmurah.online

gguminsa.com

lilliesdrop.com

lenvera.com

link48.co.uk

azinos777.fun

lgcdct.cfd

bg-gobtc.com

livecarrer.uk

cbq4u.com

imalreadygone.com

wabeng.africa

jxmheiyouyuetot.tokyo

Targets

- Target
  
  53495ecf8b97a44f42431f7a069d6d993728788af54c20ce7ece289640c3e1c9
- Size
  
  357KB
- MD5
  
  8babf47c462b4c9dc2e4331d2cbbce2b
- SHA1
  
  9b3f3e7ab491450cfb595584d316a48cdf6c9138
- SHA256
  
  53495ecf8b97a44f42431f7a069d6d993728788af54c20ce7ece289640c3e1c9
- SHA512
  
  518c2fa8b1ec096079cbc54f49c0ce8df7a1e0c8c590c4e993e8013cc17f565cc125e9441c80c946bbfd4e7aa7e3741f7c9cc8c8a3d0eae171c8ea76e68c461a
- SSDEEP
  
  6144:HEa0eDyf/UBrohN9DYGWKkmHiQIKXNa6OltJae/Sa+tSV93niGBk:LdNGWKhcltJatSf3n/k
Score

10^/10

formbook sk19 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbooksk19ratspywarestealertrojan