formbook

General

Target

DKU0021176pdf.08.12.2022pdf.exe
Size

327KB
Sample

221208-p2yjhsaa67
MD5

168fe4ae99f8a1d598a9b468976ae22c
SHA1

416df8c00c2759d6b3f3d5980a8ae18eefe65998
SHA256

bca421b3a0733bed5bb998a6fd9aac04e11cb6ef6136edc630e87d8494d52a83
SHA512

f649a50769950e972cb6bfd620d933b2c72cb8a1496259c5da831860b06971093919307bea615c9fd20652c2202d7f93cc2481e358c0c9a4ae44dfd7e77d45ed
SSDEEP

6144:9kwY81SjMHcU9YPy7zQKWWSjIDG+IunEdX01NoX6TJwU00KNfL11Qy:0sOUMyvE18DFjuO066fXzzl

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mi08

Decoy

mytimebabes.com

ycpxb.com

abdkaplani.com

cloudingersoftech.com

fthfire.xyz

christyna.work

3d-add-on.com

knowyourtechdeals.com

kcl24.com

sepatubiker.com

sunnyboy.live

zrbsq.com

rinpari.com

lesac-berra.com

yes820.com

cnnorman.com

mystichousedv.com

sbobet888auto.com

gawiul.xyz

luispenas.com

Targets

- Target
  
  DKU0021176pdf.08.12.2022pdf.exe
- Size
  
  327KB
- MD5
  
  168fe4ae99f8a1d598a9b468976ae22c
- SHA1
  
  416df8c00c2759d6b3f3d5980a8ae18eefe65998
- SHA256
  
  bca421b3a0733bed5bb998a6fd9aac04e11cb6ef6136edc630e87d8494d52a83
- SHA512
  
  f649a50769950e972cb6bfd620d933b2c72cb8a1496259c5da831860b06971093919307bea615c9fd20652c2202d7f93cc2481e358c0c9a4ae44dfd7e77d45ed
- SSDEEP
  
  6144:9kwY81SjMHcU9YPy7zQKWWSjIDG+IunEdX01NoX6TJwU00KNfL11Qy:0sOUMyvE18DFjuO066fXzzl
Score

10^/10

formbook mi08 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2