formbook

General

Target

file.exe
Size

296KB
Sample

230209-p2cl2scd8t
MD5

1d920aa56457a163c9ede013081ae820
SHA1

9e9ed8cf1341aaba3c6e32609a3780dff407a2ce
SHA256

3d269d34d687979b0d73960f880ef5eaf5cd4bf4b90129ce5d6c0c5f8ec58995
SHA512

f2e25d3656575e418a89642d4828ae15f04bb74e310c562cd3190bebf7dcf5b4104a4b81b20ba1825d4a3097234dafb1c1276c2cbee5ed00da69e4feaab8cbc2
SSDEEP

6144:/Ya60IJrcLmPyG1twMNr1GX1Iius7CCeEhMNUPLegtfSdtyQ:/YaIeOyG/slB7CCPQULid0Q

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

re29

Decoy

barnstorm-music.com

gazzettadellapuglia.com

baratieistore.space

cdrjdkj.com

carlissablog.com

langlalang.com

2886365.com

aq993.cyou

jwjwjwjw.com

car-deals-80304.com

dikevolesas.info

buycialistablets.online

theplantgranny.net

detoxshopbr.store

imans.biz

fightingcock.co.uk

loveforfurbabies.com

eastcoastbeveragegroup.com

alaaeldinsoft.com

microshel.com

Targets

- Target
  
  file.exe
- Size
  
  296KB
- MD5
  
  1d920aa56457a163c9ede013081ae820
- SHA1
  
  9e9ed8cf1341aaba3c6e32609a3780dff407a2ce
- SHA256
  
  3d269d34d687979b0d73960f880ef5eaf5cd4bf4b90129ce5d6c0c5f8ec58995
- SHA512
  
  f2e25d3656575e418a89642d4828ae15f04bb74e310c562cd3190bebf7dcf5b4104a4b81b20ba1825d4a3097234dafb1c1276c2cbee5ed00da69e4feaab8cbc2
- SSDEEP
  
  6144:/Ya60IJrcLmPyG1twMNr1GX1Iius7CCeEhMNUPLegtfSdtyQ:/YaIeOyG/slB7CCPQULid0Q
Score

10^/10

formbook re29 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2