formbook

General

Target

fd498a1be2c83df884266ad732f7a3c4.exe
Size

304KB
Sample

230301-xjmnashc2s
MD5

fd498a1be2c83df884266ad732f7a3c4
SHA1

d75f3be9a3ab927ede5e4953a28c99e6b2584cec
SHA256

d79d4f61a8ac7e72f4b51fd872317a7d9feb84a46e47bebd09eb60c8a34ec057
SHA512

b1280bce16fb24c3b042eb391faf846da9cf3409ca6ac21d1f584b14c1f9737b7e7cf1fecf47b8ed49ab26df1f53af69972806a5656d7ae10adaa70005a93772
SSDEEP

6144:AYa6o14m7yrnRJFJ65+ITi8iUDQ8WjPPznEZK96pEapfXBHFK:AY2GRsQITWPnEZo6pXpPNk

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b07o

Decoy

rpalmerdecorating.co.uk

magellanalytics.net

28yorkave.com

woodburnershop.co.uk

jcw-media.com

helinica.com

yuaneju.com

akypan.top

cavidahome.com

annaswiatkowski.com

123findcapital.com

danielle.nyc

dhcons.click

ocnarf.co.uk

1wowoc.top

corbett.one

extersolutions.com

fcukart.com

fadaona.online

guangness.top

Targets

- Target
  
  fd498a1be2c83df884266ad732f7a3c4.exe
- Size
  
  304KB
- MD5
  
  fd498a1be2c83df884266ad732f7a3c4
- SHA1
  
  d75f3be9a3ab927ede5e4953a28c99e6b2584cec
- SHA256
  
  d79d4f61a8ac7e72f4b51fd872317a7d9feb84a46e47bebd09eb60c8a34ec057
- SHA512
  
  b1280bce16fb24c3b042eb391faf846da9cf3409ca6ac21d1f584b14c1f9737b7e7cf1fecf47b8ed49ab26df1f53af69972806a5656d7ae10adaa70005a93772
- SSDEEP
  
  6144:AYa6o14m7yrnRJFJ65+ITi8iUDQ8WjPPznEZK96pEapfXBHFK:AY2GRsQITWPnEZo6pXpPNk
Score

10^/10

formbook b07o rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2