formbook

General

Target

19b1c1a8ae564560a0cbf3382bd566fd6b70c4a685d86dbd64f25fe01cc17cca.exe
Size

260KB
Sample

221201-zmb23sad47
MD5

d7f70f86875fb3aadfa0228690652fb3
SHA1

40745191f6897210d46c023259ac17084ebe0f12
SHA256

19b1c1a8ae564560a0cbf3382bd566fd6b70c4a685d86dbd64f25fe01cc17cca
SHA512

528a947c1219faeb14585ab9e5dbfd23cc2a8aaf1bbaa11fdff13699c904bdf5364c149de26fb91ba134d737d82d7208144d9036c0dc3f88ff56357fd8cb2701
SSDEEP

6144:QBn1/WI+GjGGWQ51zoG0cm9TsMhKULa2OEmQV2:g/nVGGZPoDceTXhxL2Pp

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

tc10

Decoy

mwigyu.com

sepuluholx.com

nsdigitalagency.com

horrorkore.com

santaclaracoimbrakarate.com

myeternalsummer.com

laosmidnight-lotto.com

haremp.xyz

boyace.top

unusualwithdrawal.com

wildflowerkidsri.com

backlitvps.dev

topwellgas.com

k3nnsworld3.com

wanbang.xyz

cntvc.net

sjcamden.church

pussit24.com

claml.com

statisticsturkey.com

Targets

- Target
  
  19b1c1a8ae564560a0cbf3382bd566fd6b70c4a685d86dbd64f25fe01cc17cca.exe
- Size
  
  260KB
- MD5
  
  d7f70f86875fb3aadfa0228690652fb3
- SHA1
  
  40745191f6897210d46c023259ac17084ebe0f12
- SHA256
  
  19b1c1a8ae564560a0cbf3382bd566fd6b70c4a685d86dbd64f25fe01cc17cca
- SHA512
  
  528a947c1219faeb14585ab9e5dbfd23cc2a8aaf1bbaa11fdff13699c904bdf5364c149de26fb91ba134d737d82d7208144d9036c0dc3f88ff56357fd8cb2701
- SSDEEP
  
  6144:QBn1/WI+GjGGWQ51zoG0cm9TsMhKULa2OEmQV2:g/nVGGZPoDceTXhxL2Pp
Score

10^/10

formbook tc10 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2