formbook

General

Target

Transfer Request_pdf.exe
Size

261KB
Sample

221128-rvetyaaf22
MD5

5083abe9d59d3fa08c31af8a52a6fc52
SHA1

0a321017cb103515232af89c9648c5b0423d603f
SHA256

030e7b505d912efbdebba3bd4c0783f029d8bd4caf54ecf988427e47cdea0b16
SHA512

3e16697e5ec1a06476a17147abfc1995ddd6620bb6a60351e2a8cd8077137af67d6b11ff4d08f618676b98d6797a75ff175750624546bc84e4eb9f3ae7a02b45
SSDEEP

6144:QBn1jjE5+EdKaAHyu/IVOzxjl9ZY1X7lOlSrXhZ1zanK29tr1HEQwo+:gjw5+EXBugVO9L+1X70wr71eHH+o+

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sy01

Decoy

aeria.life

jotted.community

mozarspalace.com

bfkoxoih.work

doganmuzik.com

ljsq.shop

vitalitycook.store

74574575.xyz

infiniteuniverse.site

storkrv.com

amendmentsymmetrical.top

adevodigital.com

renammsac.com

tptretry.info

ninfainacquerello.com

25038.top

httpsthothub.lol

yvxbt.com

72028.top

vzxtopi.xyz

Targets

- Target
  
  Transfer Request_pdf.exe
- Size
  
  261KB
- MD5
  
  5083abe9d59d3fa08c31af8a52a6fc52
- SHA1
  
  0a321017cb103515232af89c9648c5b0423d603f
- SHA256
  
  030e7b505d912efbdebba3bd4c0783f029d8bd4caf54ecf988427e47cdea0b16
- SHA512
  
  3e16697e5ec1a06476a17147abfc1995ddd6620bb6a60351e2a8cd8077137af67d6b11ff4d08f618676b98d6797a75ff175750624546bc84e4eb9f3ae7a02b45
- SSDEEP
  
  6144:QBn1jjE5+EdKaAHyu/IVOzxjl9ZY1X7lOlSrXhZ1zanK29tr1HEQwo+:gjw5+EXBugVO9L+1X70wr71eHH+o+
Score

10^/10

formbook sy01 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2