formbook

General

Target

RECEIPTT.exe
Size

267KB
Sample

230211-ewyl8acg7s
MD5

e38c4b7f5de2846f89e8e061df8731c6
SHA1

bfd739aaebc057290b3cae29935017df979ab8fd
SHA256

9ebd42be2d0f505ae863efdf099bd29f7058ec11077db24fb97c5683eb8df9fb
SHA512

c254b24d62e648a9e53762da451de39431dc246a5e029775df2a4b91bc21d2b8d40c928a682c472087d5ce0a73c83c485f1e0fbb7ec10c8267fa7158d969cd7e
SSDEEP

6144:/Ya68EOX/D62/LlUP80HILUNnKx1yl4QKopM0Pdlo:/YyjvW2DlUBvnKx1ylPq0Fq

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ke03

Decoy

fastartcustom.com

ikanggabus.xyz

aevum.ru

lacarretapps.com

arcaneacquisitions.net

fuulyshop.com

bloodbahis278.com

bullardrvpark.com

cowboy-hostel.xyz

empireoba.com

the-windsor-h.africa

help-desk-td.com

dofirosols.life

efefarmy.buzz

kewwrf.top

autoran.co.uk

moodysanalytics.boo

kulturemarket.com

ffwpu-kenya.com

heykon.com

Targets

- Target
  
  RECEIPTT.exe
- Size
  
  267KB
- MD5
  
  e38c4b7f5de2846f89e8e061df8731c6
- SHA1
  
  bfd739aaebc057290b3cae29935017df979ab8fd
- SHA256
  
  9ebd42be2d0f505ae863efdf099bd29f7058ec11077db24fb97c5683eb8df9fb
- SHA512
  
  c254b24d62e648a9e53762da451de39431dc246a5e029775df2a4b91bc21d2b8d40c928a682c472087d5ce0a73c83c485f1e0fbb7ec10c8267fa7158d969cd7e
- SSDEEP
  
  6144:/Ya68EOX/D62/LlUP80HILUNnKx1yl4QKopM0Pdlo:/YyjvW2DlUBvnKx1ylPq0Fq
Score

10^/10

formbook ke03 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2