formbook

General

Target

a44404aac23672009dc1d835f223d35b.exe
Size

293KB
Sample

230214-w5gthafc48
MD5

a44404aac23672009dc1d835f223d35b
SHA1

31aee1e8489ef5b6033f24050ff309941f8f38b0
SHA256

1a82b5f2c6d3897569544939dfae30457d05924c8811f009d0cd1540319ea90c
SHA512

2a70e223ca53759418bb42caa5d90dee2629f18815035f4cb92296eddac284f8a4074cfc9efada30ab9c27305e14249d5cb3731ec18fc41fc87695a6ef04357b
SSDEEP

6144:0Ya6qfeaNVq78yPmAR6PAqqQ1hPP23xulTtZ3X3fCA:0YMmaS78yP3g4qxYeZ3XvCA

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

nes8

Decoy

simantsfamily.com

ninobrowndelivery.net

y94x.info

huibi01.vip

davidspanu.com

swegon.tech

moapulsa.com

coveredseguros.com

owltoon.site

loyalguardianop.com

banca-particulares.icu

innovativanimal.com

girlschools.top

smartbed-gb-tok.life

vhail.store

bluffdalecitizens.info

asmcpn.us

wordybag.online

smmfsa.com

jinglunqhd.com

Targets

- Target
  
  a44404aac23672009dc1d835f223d35b.exe
- Size
  
  293KB
- MD5
  
  a44404aac23672009dc1d835f223d35b
- SHA1
  
  31aee1e8489ef5b6033f24050ff309941f8f38b0
- SHA256
  
  1a82b5f2c6d3897569544939dfae30457d05924c8811f009d0cd1540319ea90c
- SHA512
  
  2a70e223ca53759418bb42caa5d90dee2629f18815035f4cb92296eddac284f8a4074cfc9efada30ab9c27305e14249d5cb3731ec18fc41fc87695a6ef04357b
- SSDEEP
  
  6144:0Ya6qfeaNVq78yPmAR6PAqqQ1hPP23xulTtZ3X3fCA:0YMmaS78yP3g4qxYeZ3XvCA
Score

10^/10

formbook nes8 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2