formbook | 85259a321d6b1d54bae58397546222f0cf4584467240f0cbcdb7445577b66510 | Triage

Sharing

General

Target

85259a321d6b1d54bae58397546222f0cf4584467240f0cbcdb7445577b66510
Size

286KB
Sample

230322-x3zrzacg81
MD5

78a95a8cb18e37d6565520be5e8013c4
SHA1

36557486465d9d133f2ea5aceaec9731f0663f91
SHA256

85259a321d6b1d54bae58397546222f0cf4584467240f0cbcdb7445577b66510
SHA512

7a811797afff6e82082296a10e5f3135340f126d1230bc15983737c0363c082b8bf7651d0732d85f89c5d08e13177fed789851c6402444c4dc794ee68d90be44
SSDEEP

6144:AYa66rPn6SbiaFiPvZNU2tpErTwf4ceMXIECWoqgruCRnMti4oZQ:AYsrPn6Mia4PXU2tpswfx4WvCRwoZQ

Score

10^/10

formbook bn26 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bn26

Decoy

juweipai.com

assurance-mon-espace-sante.com

robqq.com

ablindear.com

socialmonkeys.co.uk

learningworldtech.com

imprese-it.com

themoodcollectives.africa

lutonmethodists.org.uk

castawaycovebnb.com

caronthemove.com

carolinacastro.uk

dcfashionweekintl.com

branchbasicsa.com

drpatrickakinsanya.africa

inventourownfuture.com

applege.top

whatamitiredof.com

daphan.pics

gardenstatevinyl.net

Targets

- Target
  
  85259a321d6b1d54bae58397546222f0cf4584467240f0cbcdb7445577b66510
- Size
  
  286KB
- MD5
  
  78a95a8cb18e37d6565520be5e8013c4
- SHA1
  
  36557486465d9d133f2ea5aceaec9731f0663f91
- SHA256
  
  85259a321d6b1d54bae58397546222f0cf4584467240f0cbcdb7445577b66510
- SHA512
  
  7a811797afff6e82082296a10e5f3135340f126d1230bc15983737c0363c082b8bf7651d0732d85f89c5d08e13177fed789851c6402444c4dc794ee68d90be44
- SSDEEP
  
  6144:AYa66rPn6SbiaFiPvZNU2tpErTwf4ceMXIECWoqgruCRnMti4oZQ:AYsrPn6Mia4PXU2tpswfx4WvCRwoZQ
Score

10^/10

formbook bn26 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookbn26ratspywarestealertrojan