formbook

General

Target

1546e632cb3cd6abb0497a1e941d7c1afefd3d1bc7582b63f49d948241406b80.exe
Size

328KB
Sample

221207-3qavzage48
MD5

59ec68c614cbd08f061b98ee2f7558b6
SHA1

518e36c73b44331e89a74c651ddf64e9ad79ee10
SHA256

1546e632cb3cd6abb0497a1e941d7c1afefd3d1bc7582b63f49d948241406b80
SHA512

9e7efd81d2cd1ffcc35d76f33b24f96ebfe459f9768ff29fce9d56877471dff8ef1dfe469b3ff045eb913cebc30a8b44d0c3cbe1b46f6fc7e7eaa5c853eea99b
SSDEEP

6144:ptxBKhzEHZ6pqRMVr5PdD1IQnAPJrueL9KEzbIgsfd+O2hht9lKSYS:ptLKhIZ60+VrVR/UJrueL9PbcV8jt9lH

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

4u5a

Decoy

Y9HWoINcPu0r7SSSKt4FCmk7

G/E64auYdhRQM4wZW2bcOaY=

bL57APty/StRpW49a+EdxA==

TppryJ0SoslHe8gJFVc=

HXxDShYIEcUJDahdv2nvl5Hlbp4=

EKaq5c6w0nV3WWlEqM4Www==

VM+YjE8XS1OLcH1roYF4zA==

OwK0wxmBGnq2Fg==

B1zy4bulyfY9tj9DK2eIkeYArpTt

Avj5JeA8m9girqfQ4+cZxA==

AOY4dmDFkCdX8HUJMw==

5cQUw3pPMYr07V8=

P7ZsN4/zt63AEw==

FYyVCOpB8Vl//kSkDLPo91Yy

jxwZTBp+5gcsccPxDF+K4bDG2Rpp0A==

iGx9AO58DRhZbXX9

prwVyLkAtlhSU6irmansg8wArpTt

uqa8ZPl+FFObOkdFNg==

tL4OhF22EDaEOkdFNg==

6exH76Z9o7eu/n86vgPE

Targets

- Target
  
  1546e632cb3cd6abb0497a1e941d7c1afefd3d1bc7582b63f49d948241406b80.exe
- Size
  
  328KB
- MD5
  
  59ec68c614cbd08f061b98ee2f7558b6
- SHA1
  
  518e36c73b44331e89a74c651ddf64e9ad79ee10
- SHA256
  
  1546e632cb3cd6abb0497a1e941d7c1afefd3d1bc7582b63f49d948241406b80
- SHA512
  
  9e7efd81d2cd1ffcc35d76f33b24f96ebfe459f9768ff29fce9d56877471dff8ef1dfe469b3ff045eb913cebc30a8b44d0c3cbe1b46f6fc7e7eaa5c853eea99b
- SSDEEP
  
  6144:ptxBKhzEHZ6pqRMVr5PdD1IQnAPJrueL9KEzbIgsfd+O2hht9lKSYS:ptLKhIZ60+VrVR/UJrueL9PbcV8jt9lH
Score

10^/10

formbook 4u5a rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2