formbook

General

Target

SecuriteInfo.com.Trojan-Spy.AgentTesla.13645.3532.exe
Size

449KB
Sample

221202-kesbrsac26
MD5

58f4e4a04bdb4ddd05a9cc46db449bac
SHA1

5b8833122003a416706e12f35e103c30a34dd5ac
SHA256

852f5fdc41f6a946823e438d3c705407ab50bb35f4496c62fe42b87d10ddda49
SHA512

850627e5315007a48ebd84120b1e5b201d49fda20eeca2d832ea26f61b63fc47b2c028e35cbf750d33a5a76e1be47bbc3c5828941f5a1c0dd979f53951d5aee3
SSDEEP

12288:LNafFp4sPImSrpBMrkEv84gk0axRxmdVdMD/o6KVZvJIc:LCFpomSrLMQigkbVmdLMD/o6MKc

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

t5ez

Decoy

v+YaDdg/udazyV4Iyw==

MXDNPIhw1/8BP0Ud2fguBRZ/8nF6wQ==

WsTRjsGfK1Wt+wjFRn9mBQ==

TrAv42rPyfBfhpI=

2FrznhJCG6bpCgm9+n/Xq0cr

phy0dqeRgaeZzcuciHGgrkeVQw==

DIYHd2O24QEB

wVbxr0eqbQZMc4xwQF1W3NdmR2Xc

ncsN3VitpSp18jvXswKeJeQKA1DW

n/FT0RVVULr7fMV0Ykb8ztU=

OET6wvfsbaGp6O2/Rn9mBQ==

2Rb8gNoGR5GEwAeUhcs=

wR8Fc7imd8/3cQeUhcs=

rMZ/VOtX0kR/yV4Iyw==

9YIUqO7RR4iL5Cffi994

03AHmeAX+2F85Cnfi994

9QbOseAK0/c4SGJW

S1EDywDiYofETA==

ivZm1wDWR2hgAEFURn9mBQ==

D2pe4DygKUJKoLidIuwJo4PiKGhyZLPc

Targets

- Target
  
  SecuriteInfo.com.Trojan-Spy.AgentTesla.13645.3532.exe
- Size
  
  449KB
- MD5
  
  58f4e4a04bdb4ddd05a9cc46db449bac
- SHA1
  
  5b8833122003a416706e12f35e103c30a34dd5ac
- SHA256
  
  852f5fdc41f6a946823e438d3c705407ab50bb35f4496c62fe42b87d10ddda49
- SHA512
  
  850627e5315007a48ebd84120b1e5b201d49fda20eeca2d832ea26f61b63fc47b2c028e35cbf750d33a5a76e1be47bbc3c5828941f5a1c0dd979f53951d5aee3
- SSDEEP
  
  12288:LNafFp4sPImSrpBMrkEv84gk0axRxmdVdMD/o6KVZvJIc:LCFpomSrLMQigkbVmdLMD/o6MKc
Score

10^/10

formbook t5ez rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2