formbook

General

Target

d2b6ec246c1627c4eff844ec15de05b2.exe
Size

6KB
Sample

221123-rcnzwsbc6v
MD5

d2b6ec246c1627c4eff844ec15de05b2
SHA1

252ed9f325c178cc4e054fbbad59b68e27728439
SHA256

502f5ca3567e3c23c443376a14c0e4e86ec453e37696f12d723aab77e332a46e
SHA512

e6c07de510ffc22447fd76b77c41631a6d060c3b2d4971ef8cd92260c9f69842b8e621bb7c28a29ebf3960bf61e26c6b3107b97eebcdb738b1bdb853c913d2ac
SSDEEP

48:6N/UH4k/Hlw2u9h3rlJ4ff1DIMQrYhJp6LOQDhRW4xyiXiiVcqBHfOulVt+hXuFW:Qkq5h334fd44JshRW4hieckRNkuzNt

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

do25

Decoy

nickifarina.site

nfptrwge.bar

nobreemporio.com

split-acres.com

sharingservice-act.com

nakedinktees.shop

zhensheng1988.com

ipiton.com

liftoffdigitalmarketing.com

karen.cool

theprotestantchurch.com

shirhadarr.com

azdtwp.com

comzestdent.com

jnsjh.com

in-heat-cool.com

dfefej.top

tumingchun.com

eisei-shouji.tokyo

sparecreeping.com

Targets

- Target
  
  d2b6ec246c1627c4eff844ec15de05b2.exe
- Size
  
  6KB
- MD5
  
  d2b6ec246c1627c4eff844ec15de05b2
- SHA1
  
  252ed9f325c178cc4e054fbbad59b68e27728439
- SHA256
  
  502f5ca3567e3c23c443376a14c0e4e86ec453e37696f12d723aab77e332a46e
- SHA512
  
  e6c07de510ffc22447fd76b77c41631a6d060c3b2d4971ef8cd92260c9f69842b8e621bb7c28a29ebf3960bf61e26c6b3107b97eebcdb738b1bdb853c913d2ac
- SSDEEP
  
  48:6N/UH4k/Hlw2u9h3rlJ4ff1DIMQrYhJp6LOQDhRW4xyiXiiVcqBHfOulVt+hXuFW:Qkq5h334fd44JshRW4hieckRNkuzNt
Score

10^/10

formbook do25 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2