formbook

General

Target

PO6456678.7z
Size

384KB
Sample

221206-qt3zpscc76
MD5

47ff887b13ca94da8867cf8247f014fc
SHA1

efbe93ecc25874025a7dc20bad90030e32265157
SHA256

03678658a1126e0a59f926cda88114c55bb23bfc0a93fbffcbb4be19b3f09ad6
SHA512

ff990a580fda22178aed07a9144a2a4c324e57b71a05091412cfdc5ee9427c2d78279e21f43138ce161740e016b116e79cd876d33aaa51a41e244c075ac7b9bd
SSDEEP

6144:o5kqPAPLBCrfGu3yjkonyg6R2uC0Ky66GCSVKk47tTCzBwMqnmC38IW1itnc5:oZPADtOyBnN6TRg4pEqnmCMIW1kc5

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

t5ez

Decoy

v+YaDdg/udazyV4Iyw==

MXDNPIhw1/8BP0Ud2fguBRZ/8nF6wQ==

WsTRjsGfK1Wt+wjFRn9mBQ==

TrAv42rPyfBfhpI=

2FrznhJCG6bpCgm9+n/Xq0cr

phy0dqeRgaeZzcuciHGgrkeVQw==

DIYHd2O24QEB

wVbxr0eqbQZMc4xwQF1W3NdmR2Xc

ncsN3VitpSp18jvXswKeJeQKA1DW

n/FT0RVVULr7fMV0Ykb8ztU=

OET6wvfsbaGp6O2/Rn9mBQ==

2Rb8gNoGR5GEwAeUhcs=

wR8Fc7imd8/3cQeUhcs=

rMZ/VOtX0kR/yV4Iyw==

9YIUqO7RR4iL5Cffi994

03AHmeAX+2F85Cnfi994

9QbOseAK0/c4SGJW

S1EDywDiYofETA==

ivZm1wDWR2hgAEFURn9mBQ==

D2pe4DygKUJKoLidIuwJo4PiKGhyZLPc

Targets

- Target
  
  c03dca4.exe
- Size
  
  445KB
- MD5
  
  7d88844c0ef5b442116161e9bc245ccf
- SHA1
  
  3a30a642d7ea1c0f5144cd5c416c7ea3c251e2e8
- SHA256
  
  530e856fb2f5665cc8862cf1db3ec2e6cfa8493c1497cf42e1e12121d147eadc
- SHA512
  
  b489268f1a60371460042730b51e94c4c44c8b4a304b10b7cb229ab043cfff16e09a71d0da5e899229f2bcea7423a5db5990d0dbad39d7a5d382d768fbb791eb
- SSDEEP
  
  12288:0CrXgPjJwADIOyBnKDUEo14cDnfmCyY4It1:Z7k9wAkAUEo1XnfSI
Score

10^/10

formbook t5ez rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2