formbook

General

Target

8540294178.zip
Size

675KB
Sample

221208-xst4qsea3z
MD5

c150f0eba8abc161e9627f80d10669ed
SHA1

ed67af7c9fc9bf10051ce5f8f715a057a87b634e
SHA256

626cdfc3a9c2bdfc2de6eed2a99728fa3dcbc61f0f89f583c421ae3a8cbedc96
SHA512

98a964f275bde8fa7334fc081a7f2af989caf742fad4fb0ba9ef8ea79bcf7553ae90ba1b69b1490c64fd53d2e903a56c6d169370c50b0a365b68f4ff4cd90669
SSDEEP

12288:tIoP9Hgz0AjuzOO2LOOmlzhaPVKNby/ni33xW+3IIfbSeylYCu7iRRXXgn/f8CO4:560ASONKOShaPVKQg3xRnbtyS7iAf8Cj

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

pgnt

Decoy

0WG18LbM4lR9iqMRa4nlBzTb

jcfGYzPgZTqFZVO9FV2yIw==

laIfrdSC8/4CNg==

Q73ilev5GIWuOrAAFV2yIw==

Q2u/pMw7pv4sPA==

TbqvIUHwlQscPo0HFV2yIw==

8PNWfGPyE8n0IQ==

WtgROxXzvY2L

PryaRBNjm4eP

Y9Hdi06Cry1um9Sj68YAu1o=

3Gulyp7CMQtR78jvLkk=

JJ3GasTVTCRQT6Tfz6S6GlI=

RnS42bhb9tI0R6UpD6wOxriNxw==

he1mi2sOGfzTRGHnuA==

eaYjCtjxVjdU5XLRtBMBLKk9quA=

k9rTeEqYzzw8WaTfz6S6GlI=

5luVQwe2vJWKEAiMdF4=

MGW14L9OVk5Y5TaR6w/DqdhYxXVY

mAsYz6k6sQkDC0/DoHj9t1RPWLSgFQ==

y5klhuMbE8n0IQ==

Targets

- Target
  
  6c2ccca3064d2d2f17e9cd5222df4efbd2b21dc5bd7acf5b0fe57edeccd037d3
- Size
  
  855KB
- MD5
  
  06492c1cc7f4b4014d8d870cbef4cc7e
- SHA1
  
  72bd56591a036f1543d7a3dbb874bd756155d79a
- SHA256
  
  6c2ccca3064d2d2f17e9cd5222df4efbd2b21dc5bd7acf5b0fe57edeccd037d3
- SHA512
  
  5f4fe2bf826b6cb1f4b57de43ca5f907c3c537a6a5e648eb7867040a5c6047261ef12c2ef81c6a6faf91e8e6c08ce5f77e9c5080f9380df4a4ef213a18720f14
- SSDEEP
  
  12288:6jjm/7QG8h3WX9GPlqmTG/HVuYSk2/YEZA3zzu0YzYzLJqTX:Ek7QTmYy/EYSZRZADz7pA
Score

10^/10

formbook pgnt rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2