formbook

General

Target

Beyan bilgileri.exe
Size

320KB
Sample

221209-mc4ccsch78
MD5

170180f6600397459bd336d784f68d29
SHA1

d1a3b3b37326d4f3f229785370a6207d3a4c18cc
SHA256

bcb4b428f2487d1dfc2d5f36fdd7f334e7915a5fad15f46835f6a8420002c327
SHA512

ddf9d91ce714e3dc0c85df6f98a6e6705730ffaff1cbb1973578a8783db532bb76a455e31c080255e7fcf8693ae860bfac42462823bef912dd59d32ef0c03297
SSDEEP

6144:9kwqnbxKVJjrA3CSa/2jgPhOJUoPTJd4U87psxJMUzU:ksS3CSW2GmUoPTcU87pcRw

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

tc10

Decoy

mwigyu.com

sepuluholx.com

nsdigitalagency.com

horrorkore.com

santaclaracoimbrakarate.com

myeternalsummer.com

laosmidnight-lotto.com

haremp.xyz

boyace.top

unusualwithdrawal.com

wildflowerkidsri.com

backlitvps.dev

topwellgas.com

k3nnsworld3.com

wanbang.xyz

cntvc.net

sjcamden.church

pussit24.com

claml.com

statisticsturkey.com

Targets

- Target
  
  Beyan bilgileri.exe
- Size
  
  320KB
- MD5
  
  170180f6600397459bd336d784f68d29
- SHA1
  
  d1a3b3b37326d4f3f229785370a6207d3a4c18cc
- SHA256
  
  bcb4b428f2487d1dfc2d5f36fdd7f334e7915a5fad15f46835f6a8420002c327
- SHA512
  
  ddf9d91ce714e3dc0c85df6f98a6e6705730ffaff1cbb1973578a8783db532bb76a455e31c080255e7fcf8693ae860bfac42462823bef912dd59d32ef0c03297
- SSDEEP
  
  6144:9kwqnbxKVJjrA3CSa/2jgPhOJUoPTJd4U87psxJMUzU:ksS3CSW2GmUoPTcU87pcRw
Score

10^/10

formbook tc10 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2