formbook

General

Target

b231e7d8369f13df570e824dd65c5e44.exe
Size

431KB
Sample

230112-s77wxsge69
MD5

b231e7d8369f13df570e824dd65c5e44
SHA1

5fa2fd0746bce832c00c72a8a75d864ad1793b19
SHA256

19907e5318d4427729e86994feffe2418e2d6aa0c2a97b123bf553f80f0b89af
SHA512

9daf9c63b00782ff2f9676d6bef5d4694ea1a4480e6a3f8e2dbdd93d5a7ea506c1e222a563c196ddbd74e7b75193f5b67cf93bb26dc16d285dba7b189eb5dde8
SSDEEP

3072:+fY/TU9fE9PEtuSbQAdM95pqs0eNntYHE2mEYgP90Wcmytku63N1fc7FYjjomLMm:oYa6S9m/KlmEL5gszc76C4uAC6WtlxM

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pe63

Decoy

iparkshonan.com

cahoonset.com

chuliji.com

judiangka.boats

casadecanyonlane.com

hukaol.xyz

websiteclonescripts.com

jjlpoi.com

e-insurance.africa

buketubalonu.com

foruminati.se

12rivalo.xyz

bblifebizsolutions.com

larimarfitness.com

conectado.xyz

511271.com

shpte-energy.net

thewayit.net

jpdentistry.co.uk

aisini5201314.love

Targets

- Target
  
  b231e7d8369f13df570e824dd65c5e44.exe
- Size
  
  431KB
- MD5
  
  b231e7d8369f13df570e824dd65c5e44
- SHA1
  
  5fa2fd0746bce832c00c72a8a75d864ad1793b19
- SHA256
  
  19907e5318d4427729e86994feffe2418e2d6aa0c2a97b123bf553f80f0b89af
- SHA512
  
  9daf9c63b00782ff2f9676d6bef5d4694ea1a4480e6a3f8e2dbdd93d5a7ea506c1e222a563c196ddbd74e7b75193f5b67cf93bb26dc16d285dba7b189eb5dde8
- SSDEEP
  
  3072:+fY/TU9fE9PEtuSbQAdM95pqs0eNntYHE2mEYgP90Wcmytku63N1fc7FYjjomLMm:oYa6S9m/KlmEL5gszc76C4uAC6WtlxM
Score

10^/10

formbook pe63 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2