formbook

General

Target

19bddaeb1d8938d66673c1112d8d471c.exe
Size

348KB
Sample

230112-s77wxsge72
MD5

19bddaeb1d8938d66673c1112d8d471c
SHA1

bf2328c1d812a511afefe8b390f0645ed5acf17e
SHA256

49b9d1d18db314169a965dd873c7811b055675d2342a19f82a6c4ad3c3a5d324
SHA512

f0d691d657356d2237a6d34a63e350c418fc20c931cb1ea81d994cbdf952ac0248fa750a5e80fa7fd48b2e65035c2d3e2f6cd8aae9b2cec6026351ec245c3eb3
SSDEEP

6144:/Ya6CSz3M2skORlRU6dRqgcj3iaQ6UB0tCA6CT4MaBXazV:/YVbM2svlRHdMgcjBQlBrpMxV

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pe63

Decoy

iparkshonan.com

cahoonset.com

chuliji.com

judiangka.boats

casadecanyonlane.com

hukaol.xyz

websiteclonescripts.com

jjlpoi.com

e-insurance.africa

buketubalonu.com

foruminati.se

12rivalo.xyz

bblifebizsolutions.com

larimarfitness.com

conectado.xyz

511271.com

shpte-energy.net

thewayit.net

jpdentistry.co.uk

aisini5201314.love

Targets

- Target
  
  19bddaeb1d8938d66673c1112d8d471c.exe
- Size
  
  348KB
- MD5
  
  19bddaeb1d8938d66673c1112d8d471c
- SHA1
  
  bf2328c1d812a511afefe8b390f0645ed5acf17e
- SHA256
  
  49b9d1d18db314169a965dd873c7811b055675d2342a19f82a6c4ad3c3a5d324
- SHA512
  
  f0d691d657356d2237a6d34a63e350c418fc20c931cb1ea81d994cbdf952ac0248fa750a5e80fa7fd48b2e65035c2d3e2f6cd8aae9b2cec6026351ec245c3eb3
- SSDEEP
  
  6144:/Ya6CSz3M2skORlRU6dRqgcj3iaQ6UB0tCA6CT4MaBXazV:/YVbM2svlRHdMgcjBQlBrpMxV
Score

10^/10

formbook pe63 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2