formbook

General

Target

a0f1b339ef38c5d545a7357492b8a327.exe
Size

327KB
Sample

221214-l83v2ahg27
MD5

a0f1b339ef38c5d545a7357492b8a327
SHA1

fc4da48839297bac23538e32354b72fc68d464ba
SHA256

469162ec601c979d1e51ad44ea01fa8a4520d650773e7280918128b43691f2e4
SHA512

7143ea53ac918c1affe6bf55f7bd8214e70b02f4bd0bd966eb1ab765822806800ed7d44bdaa49d07c560925393db7aa7fadf954e1381ed201beecfbc85af0a53
SSDEEP

6144:vEb2RYmNJaftegaqDDsjZ5dbr+tzKCc2omW5B8tCaJBg7F/k9:im/aF/54jZb3Ez9crB8Cak7xk9

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sk19

Decoy

21diasdegratitud.com

kx1993.com

chasergt.com

837news.com

naturagent.co.uk

gatorinsurtech.com

iyaboolashilesblog.africa

jamtanganmurah.online

gguminsa.com

lilliesdrop.com

lenvera.com

link48.co.uk

azinos777.fun

lgcdct.cfd

bg-gobtc.com

livecarrer.uk

cbq4u.com

imalreadygone.com

wabeng.africa

jxmheiyouyuetot.tokyo

Targets

- Target
  
  a0f1b339ef38c5d545a7357492b8a327.exe
- Size
  
  327KB
- MD5
  
  a0f1b339ef38c5d545a7357492b8a327
- SHA1
  
  fc4da48839297bac23538e32354b72fc68d464ba
- SHA256
  
  469162ec601c979d1e51ad44ea01fa8a4520d650773e7280918128b43691f2e4
- SHA512
  
  7143ea53ac918c1affe6bf55f7bd8214e70b02f4bd0bd966eb1ab765822806800ed7d44bdaa49d07c560925393db7aa7fadf954e1381ed201beecfbc85af0a53
- SSDEEP
  
  6144:vEb2RYmNJaftegaqDDsjZ5dbr+tzKCc2omW5B8tCaJBg7F/k9:im/aF/54jZb3Ez9crB8Cak7xk9
Score

10^/10

formbook sk19 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2