formbook

General

Target

offjetsew3321.exe
Size

228KB
Sample

221206-xjmcjagd5y
MD5

98f963b9d7225413ec18f48a473c1f40
SHA1

1272577d90b8d212416732e54258b136cbd2f3d3
SHA256

36f515bac3960c07aea759f03208f901b84050cd57c84a2fce20e92b83158b3c
SHA512

778b186ef6c85651bb722701ee77785aed3bd51048a3ecd12423779c8b1ac640eea61a85712ceb03be48916b8c20c587adc4ee9f625f3a4b96a442f9b550b579
SSDEEP

6144:QBn1yQEl9B3my7WMRNICK7WtIGpUv82m+mLZxhhO4+/:gnEl9Iy7zRNI7BGpU4L1J+/

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

je14

Decoy

innervisionbuildings.com

theenergysocialite.com

565548.com

panghr.com

onlyonesolutions.com

stjohnzone6.com

cnotes.rest

helfeb.online

xixi-s-inc.club

easilyentered.com

theshopx.store

mrclean-ac.com

miamibeachwateradventures.com

jpearce.co.uk

seseragi-bunkou.com

minimaddie.com

commbank-help-849c3.com

segohandelsonderneming.com

namthanhreal.com

fototerapi.online

Targets

- Target
  
  offjetsew3321.exe
- Size
  
  228KB
- MD5
  
  98f963b9d7225413ec18f48a473c1f40
- SHA1
  
  1272577d90b8d212416732e54258b136cbd2f3d3
- SHA256
  
  36f515bac3960c07aea759f03208f901b84050cd57c84a2fce20e92b83158b3c
- SHA512
  
  778b186ef6c85651bb722701ee77785aed3bd51048a3ecd12423779c8b1ac640eea61a85712ceb03be48916b8c20c587adc4ee9f625f3a4b96a442f9b550b579
- SSDEEP
  
  6144:QBn1yQEl9B3my7WMRNICK7WtIGpUv82m+mLZxhhO4+/:gnEl9Iy7zRNI7BGpU4L1J+/
Score

10^/10

formbook je14 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2