formbook

General

Target

shedfam.exe
Size

880KB
Sample

221129-rgcsesfe79
MD5

c0a85d86855b257b25572aa7d9d90381
SHA1

ea5ce824d225c0df297586a2c6621aea5ab8584b
SHA256

c9cf9f0fa6980019aa3a93b9b25ca2cf14cfad4b4afef12d43a20ece34d2093b
SHA512

373c768311b5385bb45c0558a1bc112c5c8b4d9cceeb5fa41577a5a4f3a936aff6745bf0d6ac3fdc84a17d3eb518cce5d1e4744cdfe64cd35e4478a8693fd11a
SSDEEP

12288:Avy7P+vzXkpdeYfU+Ey0LOPmEBrNU4jMmrKJVNwysiebm4M4qXftsFf:yAmvgeYc+EAPmEVNSmObWy7eCn4OtsFf

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sk19

Decoy

21diasdegratitud.com

kx1993.com

chasergt.com

837news.com

naturagent.co.uk

gatorinsurtech.com

iyaboolashilesblog.africa

jamtanganmurah.online

gguminsa.com

lilliesdrop.com

lenvera.com

link48.co.uk

azinos777.fun

lgcdct.cfd

bg-gobtc.com

livecarrer.uk

cbq4u.com

imalreadygone.com

wabeng.africa

jxmheiyouyuetot.tokyo

Targets

- Target
  
  shedfam.exe
- Size
  
  880KB
- MD5
  
  c0a85d86855b257b25572aa7d9d90381
- SHA1
  
  ea5ce824d225c0df297586a2c6621aea5ab8584b
- SHA256
  
  c9cf9f0fa6980019aa3a93b9b25ca2cf14cfad4b4afef12d43a20ece34d2093b
- SHA512
  
  373c768311b5385bb45c0558a1bc112c5c8b4d9cceeb5fa41577a5a4f3a936aff6745bf0d6ac3fdc84a17d3eb518cce5d1e4744cdfe64cd35e4478a8693fd11a
- SSDEEP
  
  12288:Avy7P+vzXkpdeYfU+Ey0LOPmEBrNU4jMmrKJVNwysiebm4M4qXftsFf:yAmvgeYc+EAPmEVNSmObWy7eCn4OtsFf
Score

10^/10

formbook sk19 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2