formbook

General

Target

MTCN TELLER RECEIPT.exe
Size

237KB
Sample

230314-lwmchsgg4x
MD5

f9726a7a881f7182123ee36679c4d09b
SHA1

53b28856a51b66195ff4a3b799642b8d1f7025db
SHA256

9472d7a4e6028ef04c5b1a1a57844a3198229bd209b68c1d3534123e4fad8fb2
SHA512

1ea087c3d7311dbd07eeb03c4ca9ef37236fac517f11a305849ab022b8645baffd947d9e794f0418b6050a25f4a3b8f35137ad5f76591cb10e526df04050ac02
SSDEEP

6144:/Ya6i74F0L4ddME6oV38O0+yn9utn3HND:/YUcmL4X6oB8O0+Nt3HND

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ke03

Decoy

fastartcustom.com

ikanggabus.xyz

aevum.ru

lacarretapps.com

arcaneacquisitions.net

fuulyshop.com

bloodbahis278.com

bullardrvpark.com

cowboy-hostel.xyz

empireoba.com

the-windsor-h.africa

help-desk-td.com

dofirosols.life

efefarmy.buzz

kewwrf.top

autoran.co.uk

moodysanalytics.boo

kulturemarket.com

ffwpu-kenya.com

heykon.com

Targets

- Target
  
  MTCN TELLER RECEIPT.exe
- Size
  
  237KB
- MD5
  
  f9726a7a881f7182123ee36679c4d09b
- SHA1
  
  53b28856a51b66195ff4a3b799642b8d1f7025db
- SHA256
  
  9472d7a4e6028ef04c5b1a1a57844a3198229bd209b68c1d3534123e4fad8fb2
- SHA512
  
  1ea087c3d7311dbd07eeb03c4ca9ef37236fac517f11a305849ab022b8645baffd947d9e794f0418b6050a25f4a3b8f35137ad5f76591cb10e526df04050ac02
- SSDEEP
  
  6144:/Ya6i74F0L4ddME6oV38O0+yn9utn3HND:/YUcmL4X6oB8O0+Nt3HND
Score

10^/10

formbook ke03 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2