formbook

General

Target

SecuriteInfo.com.Win64.PWSX-gen.2847.5153.exe
Size

446KB
Sample

221205-e3netseh72
MD5

06e01e2bed6e92c22c2b1ba2c229b87e
SHA1

0a93f1db6f7b10fc39d816358c179b8194ddfe27
SHA256

b8aa87c8e614e00306b46db6b98507c5ec4b8a81cad30bef832eec8ecb4d619b
SHA512

0be7543e952801c3abfa31e81b643b4e2d854c67742139fd737e199289facaa5f8793b31ac95487885937ddbba51068826aa413101aa5d8576de3555191c8c2d
SSDEEP

12288:uJy9FmdkkLP4LDuCV36CLJ7166s8MeUVk+DI:iCoPcmCV3jLJ7166uR3

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

t5ez

Decoy

v+YaDdg/udazyV4Iyw==

MXDNPIhw1/8BP0Ud2fguBRZ/8nF6wQ==

WsTRjsGfK1Wt+wjFRn9mBQ==

TrAv42rPyfBfhpI=

2FrznhJCG6bpCgm9+n/Xq0cr

phy0dqeRgaeZzcuciHGgrkeVQw==

DIYHd2O24QEB

wVbxr0eqbQZMc4xwQF1W3NdmR2Xc

ncsN3VitpSp18jvXswKeJeQKA1DW

n/FT0RVVULr7fMV0Ykb8ztU=

OET6wvfsbaGp6O2/Rn9mBQ==

2Rb8gNoGR5GEwAeUhcs=

wR8Fc7imd8/3cQeUhcs=

rMZ/VOtX0kR/yV4Iyw==

9YIUqO7RR4iL5Cffi994

03AHmeAX+2F85Cnfi994

9QbOseAK0/c4SGJW

S1EDywDiYofETA==

ivZm1wDWR2hgAEFURn9mBQ==

D2pe4DygKUJKoLidIuwJo4PiKGhyZLPc

Targets

- Target
  
  SecuriteInfo.com.Win64.PWSX-gen.2847.5153.exe
- Size
  
  446KB
- MD5
  
  06e01e2bed6e92c22c2b1ba2c229b87e
- SHA1
  
  0a93f1db6f7b10fc39d816358c179b8194ddfe27
- SHA256
  
  b8aa87c8e614e00306b46db6b98507c5ec4b8a81cad30bef832eec8ecb4d619b
- SHA512
  
  0be7543e952801c3abfa31e81b643b4e2d854c67742139fd737e199289facaa5f8793b31ac95487885937ddbba51068826aa413101aa5d8576de3555191c8c2d
- SSDEEP
  
  12288:uJy9FmdkkLP4LDuCV36CLJ7166s8MeUVk+DI:iCoPcmCV3jLJ7166uR3
Score

10^/10

formbook t5ez rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2