formbook

General

Target

8E5B19F0A617D54186F50E650B9EEC8DBA831B59B99FD4DA8C0B16FE3FA52AB8
Size

290KB
Sample

221123-r1syrada3y
MD5

2bc0360e2b2719b479ba7eee553e4a44
SHA1

5e899e4e1a3e86bb3bcc127e09d8b4adaebc9145
SHA256

8e5b19f0a617d54186f50e650b9eec8dba831b59b99fd4da8c0b16fe3fa52ab8
SHA512

ad9a8644fcadabffee5adc0c34b9ff703d1cb60fe99edb0586dbb5756607193e86c9440522af943d9de209ad94945a8e739393f95f6a652e6058e9650f2b60f8
SSDEEP

6144:GXWWRDSLG0Laff2TGX49bPxFKULW4fKJOBuZyrFN9GXw:9W+LaSa4dPxFPWKKcRrF/Gg

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

je14

Decoy

innervisionbuildings.com

theenergysocialite.com

565548.com

panghr.com

onlyonesolutions.com

stjohnzone6.com

cnotes.rest

helfeb.online

xixi-s-inc.club

easilyentered.com

theshopx.store

mrclean-ac.com

miamibeachwateradventures.com

jpearce.co.uk

seseragi-bunkou.com

minimaddie.com

commbank-help-849c3.com

segohandelsonderneming.com

namthanhreal.com

fototerapi.online

Targets

- Target
  
  jets80054.exe
- Size
  
  304KB
- MD5
  
  f57974ed632c9b3aed13be4e2d4dfd7b
- SHA1
  
  729614769140d585e61b63cf04da1ff528ca58b5
- SHA256
  
  5308026699c3ce88917c846e9b6ae9939fbe08415a88937ec6ab74fd507ed98a
- SHA512
  
  0688ca6cec67e33482d38f31ae108ff222740fa486e663ed139f632412394526a6bbc51ae4c712ca818a3c4800c1859ae1ed11c12cc3cea5ef30075f86c1d433
- SSDEEP
  
  6144:MEa0NMikS9Le6rGEsNirbtz6xl3Y0ansq0XTHpGMQ:XMikSraESiF+l3jHq0k
Score

10^/10

formbook je14 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2