formbook

General

Target

SecuriteInfo.com.Win64.Malware-gen.22993.9755.exe
Size

444KB
Sample

221123-d2216ade6x
MD5

519f54e9cb4c6c88b2a61034a9711409
SHA1

b880831a383d97b3c11520fbfc5524380f18f863
SHA256

b5b8524f2b24683dbeb07c9af2ddc8175a7a7b8925fd2db5f9776be568c2135e
SHA512

8719f07844bff06aa370c6a08df839ca1e50c522d57dccef27a70347c0d6c28298537d973a39b87b54dc42a9d70e852aa37feadfc358df1ab4c3e1d1e8838ff9
SSDEEP

12288:FDFLv+vZQtgFc9E8EDh26Apd7jI+x1Uw13B2j5AMM:FRLlEpDh29T7HndBA5A1

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

t5ez

Decoy

v+YaDdg/udazyV4Iyw==

MXDNPIhw1/8BP0Ud2fguBRZ/8nF6wQ==

WsTRjsGfK1Wt+wjFRn9mBQ==

TrAv42rPyfBfhpI=

2FrznhJCG6bpCgm9+n/Xq0cr

phy0dqeRgaeZzcuciHGgrkeVQw==

DIYHd2O24QEB

wVbxr0eqbQZMc4xwQF1W3NdmR2Xc

ncsN3VitpSp18jvXswKeJeQKA1DW

n/FT0RVVULr7fMV0Ykb8ztU=

OET6wvfsbaGp6O2/Rn9mBQ==

2Rb8gNoGR5GEwAeUhcs=

wR8Fc7imd8/3cQeUhcs=

rMZ/VOtX0kR/yV4Iyw==

9YIUqO7RR4iL5Cffi994

03AHmeAX+2F85Cnfi994

9QbOseAK0/c4SGJW

S1EDywDiYofETA==

ivZm1wDWR2hgAEFURn9mBQ==

D2pe4DygKUJKoLidIuwJo4PiKGhyZLPc

Targets

- Target
  
  SecuriteInfo.com.Win64.Malware-gen.22993.9755.exe
- Size
  
  444KB
- MD5
  
  519f54e9cb4c6c88b2a61034a9711409
- SHA1
  
  b880831a383d97b3c11520fbfc5524380f18f863
- SHA256
  
  b5b8524f2b24683dbeb07c9af2ddc8175a7a7b8925fd2db5f9776be568c2135e
- SHA512
  
  8719f07844bff06aa370c6a08df839ca1e50c522d57dccef27a70347c0d6c28298537d973a39b87b54dc42a9d70e852aa37feadfc358df1ab4c3e1d1e8838ff9
- SSDEEP
  
  12288:FDFLv+vZQtgFc9E8EDh26Apd7jI+x1Uw13B2j5AMM:FRLlEpDh29T7HndBA5A1
Score

10^/10

formbook t5ez rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2