formbook | f32cba300b9df860f81e39c1331ba9894793fb12a99a10fb79d3ccccb1c0e965 | Triage

Sharing

General

Target

F32CBA300B9DF860F81E39C1331BA9894793FB12A99A10FB79D3CCCCB1C0E965
Size

1.0MB
Sample

221208-ye2r4aeb2z
MD5

55b3d16dfac60ddf403e8fb67375cae8
SHA1

d9079cdc7e7620388bb68d04d99aef107ce1f30b
SHA256

f32cba300b9df860f81e39c1331ba9894793fb12a99a10fb79d3ccccb1c0e965
SHA512

016c97686ea7f6c49a6e93128f67dce2f10494bd249f1f96a6242d1da954bb9741bbc20a964c7e1f824320fe825450845b3cf140daeee9732cc0e0c7b96c3dd0
SSDEEP

24576:Yr5XXXXXXXXXXXXUXXXXXXXSXXXXXXXXym0r5XXXXXXXXXXXXUXXXXXXXSXXXXX+:

Score

10^/10

formbook b3es rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b3es

Decoy

sweets.wtf

apextama.com

tygbs.com

kumaoedu.com

bestbathroomremodeling.club

lnshykj.com

nelsonanddima.com

falunap.info

codyhinrichs.com

2797vip.com

danutka.com

3o2t307a.com

kellymariewest.com

profilelonn.online

procan.website

sopjimmy.com

xn--skdarkae-55ac80i.net

entitymanaged.com

melitadahl.art

joineguru.net

Targets

- Target
  
  F32CBA300B9DF860F81E39C1331BA9894793FB12A99A10FB79D3CCCCB1C0E965
- Size
  
  1.0MB
- MD5
  
  55b3d16dfac60ddf403e8fb67375cae8
- SHA1
  
  d9079cdc7e7620388bb68d04d99aef107ce1f30b
- SHA256
  
  f32cba300b9df860f81e39c1331ba9894793fb12a99a10fb79d3ccccb1c0e965
- SHA512
  
  016c97686ea7f6c49a6e93128f67dce2f10494bd249f1f96a6242d1da954bb9741bbc20a964c7e1f824320fe825450845b3cf140daeee9732cc0e0c7b96c3dd0
- SSDEEP
  
  24576:Yr5XXXXXXXXXXXXUXXXXXXXSXXXXXXXXym0r5XXXXXXXXXXXXUXXXXXXXSXXXXX+:
Score

10^/10

formbook b3es rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookb3esratspywarestealertrojan

behavioral2