formbook

General

Target

SecuriteInfo.com.Win64.PWSX-gen.18962.7585.exe
Size

446KB
Sample

221205-pz7peabc78
MD5

26810d567e2c0bdcba316e23db1e94fe
SHA1

85b7121630abf4ce123cb9356af84919b4131a5e
SHA256

268b4b1d198ff77105bd88629138c10e89449a0c405af87e00bbdb039643acb0
SHA512

5ffa18334b5e59231a141f91e6d8ad2e946d1e06694a99ed26e8b259fef8a87eefdf84783c9b5572cb53b8110b86e37f8d221c467233310c149b9ed78b156ae4
SSDEEP

12288:EGEaxyIEHBzQE3u9AavxuAA39anZYuo7t:3WBOAuxA9aZYuc

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

t5ez

Decoy

v+YaDdg/udazyV4Iyw==

MXDNPIhw1/8BP0Ud2fguBRZ/8nF6wQ==

WsTRjsGfK1Wt+wjFRn9mBQ==

TrAv42rPyfBfhpI=

2FrznhJCG6bpCgm9+n/Xq0cr

phy0dqeRgaeZzcuciHGgrkeVQw==

DIYHd2O24QEB

wVbxr0eqbQZMc4xwQF1W3NdmR2Xc

ncsN3VitpSp18jvXswKeJeQKA1DW

n/FT0RVVULr7fMV0Ykb8ztU=

OET6wvfsbaGp6O2/Rn9mBQ==

2Rb8gNoGR5GEwAeUhcs=

wR8Fc7imd8/3cQeUhcs=

rMZ/VOtX0kR/yV4Iyw==

9YIUqO7RR4iL5Cffi994

03AHmeAX+2F85Cnfi994

9QbOseAK0/c4SGJW

S1EDywDiYofETA==

ivZm1wDWR2hgAEFURn9mBQ==

D2pe4DygKUJKoLidIuwJo4PiKGhyZLPc

Targets

- Target
  
  SecuriteInfo.com.Win64.PWSX-gen.18962.7585.exe
- Size
  
  446KB
- MD5
  
  26810d567e2c0bdcba316e23db1e94fe
- SHA1
  
  85b7121630abf4ce123cb9356af84919b4131a5e
- SHA256
  
  268b4b1d198ff77105bd88629138c10e89449a0c405af87e00bbdb039643acb0
- SHA512
  
  5ffa18334b5e59231a141f91e6d8ad2e946d1e06694a99ed26e8b259fef8a87eefdf84783c9b5572cb53b8110b86e37f8d221c467233310c149b9ed78b156ae4
- SSDEEP
  
  12288:EGEaxyIEHBzQE3u9AavxuAA39anZYuo7t:3WBOAuxA9aZYuc
Score

10^/10

formbook t5ez rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2