formbook

General

Target

SecuriteInfo.com.Win32.InjectorX-gen.11327.14248.exe
Size

259KB
Sample

221207-e38qrsgf8y
MD5

197ab666b7242cd57be0af99c33c150e
SHA1

c67a8a7f437716bb324e2697412464fd165c6c90
SHA256

f88caffeed956cd5b1671dde49bfc61dac4fd2007b46287debf7dab6c179bf46
SHA512

a5babd41cc7dcc73710d4ca6d03121b3395601a398158f8375dacc391e7d0b5c6255f7faff0ede21db4351662f4c2d418f6fae2db17610c017272e3aa355863a
SSDEEP

6144:QBn1m1geH7jWuQ0IQWCPt2uKQ+Hm4PMuo:gmycnWuQ0hHoQ0Q

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pr28

Decoy

huaxinimg.com

baorungas.com

comercializadoramultimus.com

blr-batipro.com

wantagedfas.uk

1thingplan.one

cweilin.com

lorienconsultingllc.com

jdzsjwx.com

casafacil.site

hkacgt.com

hasid.africa

92dgr97k4hr9.com

cvbiop.xyz

1wbskm.top

fantasticmobility.com

goodchoice2022.com

hafizpower.com

familiajoya.com

fundscrahelp.info

Targets

- Target
  
  SecuriteInfo.com.Win32.InjectorX-gen.11327.14248.exe
- Size
  
  259KB
- MD5
  
  197ab666b7242cd57be0af99c33c150e
- SHA1
  
  c67a8a7f437716bb324e2697412464fd165c6c90
- SHA256
  
  f88caffeed956cd5b1671dde49bfc61dac4fd2007b46287debf7dab6c179bf46
- SHA512
  
  a5babd41cc7dcc73710d4ca6d03121b3395601a398158f8375dacc391e7d0b5c6255f7faff0ede21db4351662f4c2d418f6fae2db17610c017272e3aa355863a
- SSDEEP
  
  6144:QBn1m1geH7jWuQ0IQWCPt2uKQ+Hm4PMuo:gmycnWuQ0hHoQ0Q
Score

10^/10

formbook pr28 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2