formbook

General

Target

E-dekont.pdf.exe
Size

266KB
Sample

230210-mkdfxaaf9z
MD5

fbbdef7b1be694b9913a9e6e91681847
SHA1

e81a9326b40b5d23b249ce018f3038172eeea087
SHA256

eea29ccf59fa6a6aa5a3c14360db6068144f14601d987ec37ea21a35cdac9430
SHA512

53613b4b7be5db5f0ae1d8ae744a46cbd2ae87838bae9f39381a2a120abfdcd0ebafad41859d5808a1cb786befd35c1af27a6f3e6308187c8841ffd408d9fded
SSDEEP

6144:vYa6rCjol7mXbdsH7sXM5CErVGf0xWdEkw5U+mWINbles4lmA1C0Vl3qIhOP:vYB3lKdsH7Xj+vhF5N4R1PnW

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

me29

Decoy

borne-selfie-valence.com

erccore.com

fontebono.com

58619.se

smartmetersystems.co.uk

defrag.team

az-architecture.com

healingthehoard.com

eqde.ru

kingsedubd.com

hoibeebu.net

findbesthomesolution.com

dinkdfw.com

alfa-outlet.com

claritybiometrics.video

lewshopok.cfd

crofton77.online

assetzstat.info

indianhillsequine.com

vetsclosetomylocation.com

Targets

- Target
  
  E-dekont.pdf.exe
- Size
  
  266KB
- MD5
  
  fbbdef7b1be694b9913a9e6e91681847
- SHA1
  
  e81a9326b40b5d23b249ce018f3038172eeea087
- SHA256
  
  eea29ccf59fa6a6aa5a3c14360db6068144f14601d987ec37ea21a35cdac9430
- SHA512
  
  53613b4b7be5db5f0ae1d8ae744a46cbd2ae87838bae9f39381a2a120abfdcd0ebafad41859d5808a1cb786befd35c1af27a6f3e6308187c8841ffd408d9fded
- SSDEEP
  
  6144:vYa6rCjol7mXbdsH7sXM5CErVGf0xWdEkw5U+mWINbles4lmA1C0Vl3qIhOP:vYB3lKdsH7Xj+vhF5N4R1PnW
Score

10^/10

formbook me29 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2