formbook

General

Target

EA9FB31AEB057FF8D58E61740EB382AC2EDB85171458D18540C9101DD49CFE78
Size

201KB
Sample

221123-r2zgxsdb7v
MD5

046272dc84975df7656743ef4c1461be
SHA1

e68a9f4ce7ff7924425850fc29882fc89a2bc020
SHA256

ea9fb31aeb057ff8d58e61740eb382ac2edb85171458d18540c9101dd49cfe78
SHA512

77ed3fa231234d4570e7b61d8231c3faae033c27df82a9a8feb3364184fd506ba1c5d1676c36cac93987a0dfa695c300026c8eb4ad77bf5bde2560e401196773
SSDEEP

6144:rlQ55DcptefJh00YUOK54MGVv6q2O1+Kwr30JFyEpj:ruStefJh097KXGVP2Okp0JFJ

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mr06

Decoy

dreamrose.shop

bamdadlive.com

avastfr.com

aishabolduc.design

nobulldownhill.com

navis.store

paintingsantaclarita.com

wdidfhqo9751ds.link

epilateurlaser.info

expertdoctor.xyz

jtfaqyxo.work

zrexvita.live

coloradomarketingfirm.com

prestigehospitality.solutions

bmayple.com

sea-food.online

mejor-proteccion-es.click

tophatlimitless.buzz

inailshickorycreek.com

tintash-sg.net

Targets

- Target
  
  PTT056739937pdf.exe
- Size
  
  214KB
- MD5
  
  52c97485bc35094afb64c8f8bb3945f5
- SHA1
  
  7c177d8b33562f5e9c0aadd688b4f9a9e891ed28
- SHA256
  
  1762c6b2de63b5d6470fdba19845c0110b60342cccbf2df75ba250c5b730d1ad
- SHA512
  
  06a632d6632c51177d31f9c9b5e5beb186abdef61c20b820a67817edb51a30d029e93f86528f94415d2ae77184661f6c2a96af73496a256cdaf76a6a3c7a07c7
- SSDEEP
  
  6144:qweEpUjGehdR82Jp83HR4TR66swZIpaDU05thwd7jE0mqYu0pk:bUjTPGvm9cxyrwd7uu0i
Score

10^/10

formbook mr06 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2