formbook

General

Target

PO 90809.doc
Size

32KB
Sample

230111-dvwksseb6y
MD5

ef93fa6845a7f03d2809cf03a14e0c39
SHA1

d2e4d2a05c854705fa43d40b5db4ff414b28a586
SHA256

4659186cccfb9bb9cf85deb8456bd9dcc4a55a5efb81d5498403c795eae490f9
SHA512

d63b6f0180fc0b93eff8ff67049d7bb4466cd30e78f85ba8542d3d02662d04d41d2d6a23c22d0e33fb2a808ebc36cab2fced2e698c136da13b801d6209277e00
SSDEEP

768:bFx0XaIsnPRIa4fwJMZasp60BjDpA7V/HUMpqX6ZivAsrtAzckNdvG:bf0Xvx3EMZaCHB3pqHUMEq4vAzckNVG

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pe63

Decoy

iparkshonan.com

cahoonset.com

chuliji.com

judiangka.boats

casadecanyonlane.com

hukaol.xyz

websiteclonescripts.com

jjlpoi.com

e-insurance.africa

buketubalonu.com

foruminati.se

12rivalo.xyz

bblifebizsolutions.com

larimarfitness.com

conectado.xyz

511271.com

shpte-energy.net

thewayit.net

jpdentistry.co.uk

aisini5201314.love

Targets

- Target
  
  PO 90809.doc
- Size
  
  32KB
- MD5
  
  ef93fa6845a7f03d2809cf03a14e0c39
- SHA1
  
  d2e4d2a05c854705fa43d40b5db4ff414b28a586
- SHA256
  
  4659186cccfb9bb9cf85deb8456bd9dcc4a55a5efb81d5498403c795eae490f9
- SHA512
  
  d63b6f0180fc0b93eff8ff67049d7bb4466cd30e78f85ba8542d3d02662d04d41d2d6a23c22d0e33fb2a808ebc36cab2fced2e698c136da13b801d6209277e00
- SSDEEP
  
  768:bFx0XaIsnPRIa4fwJMZasp60BjDpA7V/HUMpqX6ZivAsrtAzckNdvG:bf0Xvx3EMZaCHB3pqHUMEq4vAzckNVG
Score

10^/10

formbook pe63 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2