formbook

General

Target

9123b739b8d3d1c2f5a3dabf8c358c77175422d0e83f5edadc7584bd50eb484c.zip
Size

225KB
Sample

230308-mkr93afa8y
MD5

f65734b5c676a28024afec1bbec46e9f
SHA1

dac543511b0751ccaeac8c51b7a6f9898a14231f
SHA256

1c9b6b93ad7226b05cbb54ac2be814395269877ed8d48e2d22fd06318d0139fc
SHA512

823395c9e822efc6b39f5f4cc32fbcdc436eb1b8fe4ace3aa51ea40863e7cb2c13a0fc26c553b56e50cecb59446d6a6445b6328e9ef56a8e86c2f04a5b0d020b
SSDEEP

6144:BrNIJnBezxyXkvqJJquNufZxQ0SY/Obpd:wJBezcXoq7uDQ0S5

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bn26

Decoy

juweipai.com

assurance-mon-espace-sante.com

robqq.com

ablindear.com

socialmonkeys.co.uk

learningworldtech.com

imprese-it.com

themoodcollectives.africa

lutonmethodists.org.uk

castawaycovebnb.com

caronthemove.com

carolinacastro.uk

dcfashionweekintl.com

branchbasicsa.com

drpatrickakinsanya.africa

inventourownfuture.com

applege.top

whatamitiredof.com

daphan.pics

gardenstatevinyl.net

Targets

- Target
  
  9123b739b8d3d1c2f5a3dabf8c358c77175422d0e83f5edadc7584bd50eb484c.exe
- Size
  
  264KB
- MD5
  
  c1a8c992aac5a10c6ca89cedb772d567
- SHA1
  
  99ad74abf2717a297260df450e105e8a40cd16fc
- SHA256
  
  9123b739b8d3d1c2f5a3dabf8c358c77175422d0e83f5edadc7584bd50eb484c
- SHA512
  
  cb3f735fa6f68fca72e596a658db049141ce2319b718df578f755efc9d2f302c1b3407e1a6190d3dee1c4c67f7a33e2440dc117f4cfef16301f2e1c303fed450
- SSDEEP
  
  6144:gYa6+YxKBm16Bj9lWAbkKXVa9S02ZVh2Qs/cEpeXzhdGZbghHrOSh:gYI7maj9tk9Svu/cW0zhsKhFh
Score

10^/10

formbook bn26 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2