formbook

General

Target

ewe.exe
Size

947KB
Sample

221130-gesezseh4z
MD5

b39bb6d5236d059f15e0c303119ac2ac
SHA1

169bbde66c91ec403e5378e3af49b7e038739a59
SHA256

bab8c0c9b3c3cebaa6f32565eadd1733308973fade84142c07bb1d5608fc6a0c
SHA512

c64992edf997a67981a1a8fa59176c1b8430668f31f86af546196e2944e477e8ff89ea298ccbc9b0cd4e7e5b5fd40f4f616b838c6e75e493854c5af6a545183c
SSDEEP

6144:CE0WCLnQX46PiAdNF5miUfnKk7gDaKIUzjmVqJE9/UxaGHXvI1N7nRl3kgbIpxC3:8WCLQIClF5mHKQSdiqosaG/8NpDAds

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

dcn0

Decoy

ZVx68vDtAMBCwg==

oBMBvsNORkM/O/ox

Ff9pISWkm6eG4lByIspp

c2T42c6CIIF6B8xTxm9XzpVw

bvjhxRbnAC183w==

0lTttSNG4HUDNflyIspp

hPXFlstqiHA/O/ox

WLR+MeerxZ0cNn1ja+IQAYo=

IHRn4xXOVKi477zarG+ObSy7YJA=

Xhf3e+tdAC183w==

Xk0ZAezv2rWH

kngo+vBeSRN7AszNwam3Osmguuqc0MoC

a2Qp7a+E8fSw7LDjpnqEKjsRZA==

3zjy4E7+QM48wg==

YcCmqT3OUNAigVott2pBKiy7YJA=

4+SMeX1juat/5cZ1AZihcyy7YJA=

/+m7sro0OBTl3TMpCw==

i2ctEfe4//a64yklMsgS2J90

+loZ2QKGX0UWgpvErMs=

b9BNCnJWQJS8IfsR0uR3bCy7YJA=

Targets

- Target
  
  ewe.exe
- Size
  
  947KB
- MD5
  
  b39bb6d5236d059f15e0c303119ac2ac
- SHA1
  
  169bbde66c91ec403e5378e3af49b7e038739a59
- SHA256
  
  bab8c0c9b3c3cebaa6f32565eadd1733308973fade84142c07bb1d5608fc6a0c
- SHA512
  
  c64992edf997a67981a1a8fa59176c1b8430668f31f86af546196e2944e477e8ff89ea298ccbc9b0cd4e7e5b5fd40f4f616b838c6e75e493854c5af6a545183c
- SSDEEP
  
  6144:CE0WCLnQX46PiAdNF5miUfnKk7gDaKIUzjmVqJE9/UxaGHXvI1N7nRl3kgbIpxC3:8WCLQIClF5mHKQSdiqosaG/8NpDAds
Score

10^/10

formbook dcn0 persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1

T1004

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Remote System Discovery

1

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Modifies WinLogon for persistence

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2