formbook

General

Target

7bbed739e54f8c6806d75bc1e07b64f3585297ee
Size

277KB
Sample

230201-p9r2psfc21
MD5

43056ad325dc432700151289c7135e81
SHA1

7bbed739e54f8c6806d75bc1e07b64f3585297ee
SHA256

139c10bab25d09231dfa465708c27632ed0618caaa710af0a1f326f80abd365b
SHA512

8c28e6fb9f49e302abf8f58f4cabe54bc35cb64139fb4a0a335debc1a994fcd9db03b82941284b2d62add0d706de8353a39bd945a757e79f8e25deaa1e5e12e0
SSDEEP

6144:ZYa6lRGw1D8yslb006YIaSt+sBa6klAF/uGBe3H9ZOJ/chVmabHyvbCfnN4K:ZYTRn4yslb0BYXH6a6kI/un3nIuAa4bS

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sk29

Decoy

adobeholidaylego.com

labassecourdecaro.com

whhlbz.net

aikxian.net

myimmigration.net

etribe.info

fercosgru.com

everbrighthouse.com

finepizzavegesack.info

mesuretonradon.com

escopic.art

mapzle.com

panachesports.net

alabamasbesthvac.com

esghf.com

usrisik.com

activseal.com

eventplanningpros.africa

adufyuwefjdfuiwefl.site

kornilt.com

Targets

- Target
  
  7bbed739e54f8c6806d75bc1e07b64f3585297ee
- Size
  
  277KB
- MD5
  
  43056ad325dc432700151289c7135e81
- SHA1
  
  7bbed739e54f8c6806d75bc1e07b64f3585297ee
- SHA256
  
  139c10bab25d09231dfa465708c27632ed0618caaa710af0a1f326f80abd365b
- SHA512
  
  8c28e6fb9f49e302abf8f58f4cabe54bc35cb64139fb4a0a335debc1a994fcd9db03b82941284b2d62add0d706de8353a39bd945a757e79f8e25deaa1e5e12e0
- SSDEEP
  
  6144:ZYa6lRGw1D8yslb006YIaSt+sBa6klAF/uGBe3H9ZOJ/chVmabHyvbCfnN4K:ZYTRn4yslb0BYXH6a6kI/un3nIuAa4bS
Score

10^/10

formbook sk29 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2