formbook

General

Target

66F34068C533BC957B3EF71F9AEFB0F17D7F42A2BF84EC2EDA416CA8C9F5D53A
Size

244KB
Sample

221213-2rh3asbe4y
MD5

c3f33f27357489918d766349a23fa3ca
SHA1

9b0aa0b1f30c2729c353aa8e363e88abb3e892a2
SHA256

66f34068c533bc957b3ef71f9aefb0f17d7f42a2bf84ec2eda416ca8c9f5d53a
SHA512

9589dab5361c3d2aca9d7727e04cba5950010534d8324c5f155780c5d9e18defb1a6f66336f7929f98e9b11cf69c41117bd8e62c47cecef2d506daf6095edb3f
SSDEEP

6144:foN9utDrCrkdYyVA5bbeiKr1V6EcaTcN0zCz:foN9e/Cr0Yy+5bS9BV6v0u

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

je14

Decoy

innervisionbuildings.com

theenergysocialite.com

565548.com

panghr.com

onlyonesolutions.com

stjohnzone6.com

cnotes.rest

helfeb.online

xixi-s-inc.club

easilyentered.com

theshopx.store

mrclean-ac.com

miamibeachwateradventures.com

jpearce.co.uk

seseragi-bunkou.com

minimaddie.com

commbank-help-849c3.com

segohandelsonderneming.com

namthanhreal.com

fototerapi.online

Targets

- Target
  
  jets66700.exe
- Size
  
  258KB
- MD5
  
  c10e0b9756b38239fed5025e119db829
- SHA1
  
  b7a2ddbfd18fe7f0ea7683e73d84a595e966ebb9
- SHA256
  
  3603af319837f00dacace08ff3add606ccfd6faf64a53606575aae6f1a4ba782
- SHA512
  
  8d4d4edf987383774e8ccf54f5d06a8d08f1a52ee40592aacd5d512bc7c445f1d61b0333582b1c3f25cee14ee97aa4625941a9bd7425741c95736168f082f06c
- SSDEEP
  
  6144:QBn1/KUwq3q6YqZZ9f/EBqpObOiFzkiUF9FaP5qgJDa:gNslSEbOizk/9Foqg0
Score

10^/10

formbook je14 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2