formbook | 8340f192a38f93e6ad8fc515505e2d2a9d8b0457e3f2d684a60ba292aa8c1cd0 | Triage

Sharing

General

Target

8340F192A38F93E6AD8FC515505E2D2A9D8B0457E3F2D684A60BA292AA8C1CD0
Size

813KB
Sample

221130-epz7gahh9y
MD5

3c8761ae223c4e16060ec46b42d46ca6
SHA1

e52161319d8a16f308912d3fcfe834c31de4a411
SHA256

8340f192a38f93e6ad8fc515505e2d2a9d8b0457e3f2d684a60ba292aa8c1cd0
SHA512

13daa66c63c13ac557243ce7c0ed4fead59940411ed53686627fef16d8021d85243abcfa999e96c70a44b50cc292bd97a0c0f402979cfefda6a6fff547bd14b0
SSDEEP

24576:qinr5XXXXXXXXXXXXUXXXXXXXSXXXXXXXX4m+r5XXXXXXXXXXXXUXXXXXXXSXXXn:8QX1FU

Score

10^/10

formbook b3es rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b3es

Decoy

sweets.wtf

apextama.com

tygbs.com

kumaoedu.com

bestbathroomremodeling.club

lnshykj.com

nelsonanddima.com

falunap.info

codyhinrichs.com

2797vip.com

danutka.com

3o2t307a.com

kellymariewest.com

profilelonn.online

procan.website

sopjimmy.com

xn--skdarkae-55ac80i.net

entitymanaged.com

melitadahl.art

joineguru.net

Targets

- Target
  
  8340F192A38F93E6AD8FC515505E2D2A9D8B0457E3F2D684A60BA292AA8C1CD0
- Size
  
  813KB
- MD5
  
  3c8761ae223c4e16060ec46b42d46ca6
- SHA1
  
  e52161319d8a16f308912d3fcfe834c31de4a411
- SHA256
  
  8340f192a38f93e6ad8fc515505e2d2a9d8b0457e3f2d684a60ba292aa8c1cd0
- SHA512
  
  13daa66c63c13ac557243ce7c0ed4fead59940411ed53686627fef16d8021d85243abcfa999e96c70a44b50cc292bd97a0c0f402979cfefda6a6fff547bd14b0
- SSDEEP
  
  24576:qinr5XXXXXXXXXXXXUXXXXXXXSXXXXXXXX4m+r5XXXXXXXXXXXXUXXXXXXXSXXXn:8QX1FU
Score

10^/10

formbook b3es rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookb3esratspywarestealertrojan

behavioral2