formbook

General

Target

d67bc9de761645c9aa4b5669cd355f2fecde8b4e9b22f64f327f282754742031.zip
Size

343KB
Sample

230308-qgjejaed58
MD5

090e3b31ae2b205213ee59d73e5d3afe
SHA1

562ac82badd1cd99c0934ae2a0913694db807266
SHA256

38dbb7d9a2c526dcee3f3e75a846223cd505e544f69647cf02394cd41d2503f5
SHA512

2e38757d2002323e8e729d3bfe789bf2a2ea2c726e4d579cc69602f37ed005191542a467b0919f060f2199d008e8ce4dcc90a20a056204eb1edfa20daf8e48ae
SSDEEP

6144:SPBh17JIz4PyZzp7LbMfUiXYgW4GtZ6UWzZVJDdSsa91pxtQ99swWCD1nadD:s3AuyZzp7Lo8iaCUQ/cbpxOswpox

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

vr21

Decoy

detrop.ru

bolacash.club

thezoidtv.africa

bigartgallerystudio.com

doshkoljata.ru

gamesdaybuddiessingles.com

zonlin.net

thehilltoplodges.co.uk

fcvip.club

amandacurtinnutrition.com

londonairporttaxies.com

graniteteammates.com

devthanhvo.site

kl-thelabel.com

a1choice.net

amzprod.com

iwaint.com

device-children.com

canada-immigration-72440.com

irsdev.ru

Targets

- Target
  
  d67bc9de761645c9aa4b5669cd355f2fecde8b4e9b22f64f327f282754742031.exe
- Size
  
  356KB
- MD5
  
  89638fe1a25c80932d9e4cb30238e194
- SHA1
  
  39e2ba0f53784ba65b1c5c33c7629447944390d0
- SHA256
  
  d67bc9de761645c9aa4b5669cd355f2fecde8b4e9b22f64f327f282754742031
- SHA512
  
  d2c8474b02dbab013bb1924826c27e04e32ac260a58ccc925624c65411628ba252992f9e7fdd931a961b18a75d0cb54289e14a36dda708a4ae7cb2d28719b801
- SSDEEP
  
  6144:/Ya6QPTmatecxGcFxZci7zQiJtMCnTiyaaMvJZEFST/WxHNQow:/YePTmat2cFcivxTvktvUS8eP
Score

10^/10

formbook vr21 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2