formbook

General

Target

20b5c588a10cb18af8a01581a4dfd64c.exe
Size

677KB
Sample

221207-n488cseb88
MD5

20b5c588a10cb18af8a01581a4dfd64c
SHA1

781bdcdc597b2c46b6e53e91546040adffcbfa77
SHA256

50e8d5699c036091cd4866bd3892bc89c655999e3fc96194f686587c638d6336
SHA512

6a637e977e2253ebf4011116947e8517e1f158c0ec8565cdd13d2c392fc44e50209c2fa528515d2f2bffdf0fae727adf7ebd1622f4b9b473833490653b946f22
SSDEEP

12288:/B29wVDnMcnLvcB/BtOVaRwJHLM7rmZS2P7m0uNxoQuKR8ZBlpQbrnQ:+cnWfKtHY7EPzm0AnuIIl

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

qsqm

Decoy

5QdWDmbTAyS4+MnbfdbRSCLJWc4/Fgs8SQ==

qzhoBFyaAmZO0A==

7xpp+AhS/D5LkTV9BQ==

cRUvWkg/NjyQ

scq67CuquOC6QJ9NiKUbWA==

jaSu0MXt6xOPHWmWSqOjMBuAm5hyMA==

RWihP4kGnsjyKPjSkf67c7U=

SG6OpKTt8zsEVJnLiKUbWA==

CLHYcMsKdtzFOCs=

ihMAMX/e+ijZQI+/iI0GUg==

2S6c/JKDgJIpJwUpFDiJr6o=

IDNilZQOJ1ZKkTV9BQ==

BKaOq8EiogXuLiRe

Vfo/6DWwte7re7TDiKUbWA==

+YrJZ8oQQnLrhgVS3RCwsPYz

Xe0AUNO43AdJhKaPRXglXg==

KNJA1wZILlJTaI2Yf+lNVpYEGicS

UF7SfvBgEk7GxJKlGA==

pUVIZHCwLZVSzg==

sdTb9+BnuiM7yw==

Targets

- Target
  
  20b5c588a10cb18af8a01581a4dfd64c.exe
- Size
  
  677KB
- MD5
  
  20b5c588a10cb18af8a01581a4dfd64c
- SHA1
  
  781bdcdc597b2c46b6e53e91546040adffcbfa77
- SHA256
  
  50e8d5699c036091cd4866bd3892bc89c655999e3fc96194f686587c638d6336
- SHA512
  
  6a637e977e2253ebf4011116947e8517e1f158c0ec8565cdd13d2c392fc44e50209c2fa528515d2f2bffdf0fae727adf7ebd1622f4b9b473833490653b946f22
- SSDEEP
  
  12288:/B29wVDnMcnLvcB/BtOVaRwJHLM7rmZS2P7m0uNxoQuKR8ZBlpQbrnQ:+cnWfKtHY7EPzm0AnuIIl
Score

10^/10

formbook qsqm rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2