formbook | facc651f7697bb357b528e0fdcbfcb0601abcaad0f2bd31eee54792aa8ee66e3 | Triage

Sharing

General

Target

036
Size

228KB
Sample

230323-wssp8sbc7y
MD5

dc27e4474182fe41de857278c2488574
SHA1

0b5b93dc9e3389de1a3d04c4d03fa5c0532aef1e
SHA256

facc651f7697bb357b528e0fdcbfcb0601abcaad0f2bd31eee54792aa8ee66e3
SHA512

9025ad32d289464770182ce597838a1a0c79aff8a337c0e9a3a5ecf4f7343f24029a7551c6a6559d36a6e4e624429241445984ef5e987c88952eb87529f01fed
SSDEEP

6144:lPXIpTjhnEtGLHJR0EQ88WuxXSnlJNEzoSF3/t22qZrAx/:apStGLHJRC8dnlnDS1H8M

Score

10^/10

formbook xcl rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

xcl

Decoy

sewingtherose.com

thesmartshareholder.com

afasyah.com

marolamusic.com

lookupgeorgina.com

plataforyou.com

dijcan.com

pawtyparcels.com

interprediction.com

fairerfinancehackathon.net

thehmnshop.com

jocelynlopez.com

launcheffecthouston.com

joyeveryminute.com

spyforu.com

ronerasanjuan.com

gadgetsdesi.com

nmrconsultants.com

travellpod.com

ballparksportscards.com

Targets

- Target
  
  036
- Size
  
  228KB
- MD5
  
  dc27e4474182fe41de857278c2488574
- SHA1
  
  0b5b93dc9e3389de1a3d04c4d03fa5c0532aef1e
- SHA256
  
  facc651f7697bb357b528e0fdcbfcb0601abcaad0f2bd31eee54792aa8ee66e3
- SHA512
  
  9025ad32d289464770182ce597838a1a0c79aff8a337c0e9a3a5ecf4f7343f24029a7551c6a6559d36a6e4e624429241445984ef5e987c88952eb87529f01fed
- SSDEEP
  
  6144:lPXIpTjhnEtGLHJR0EQ88WuxXSnlJNEzoSF3/t22qZrAx/:apStGLHJRC8dnlnDS1H8M
Score

10^/10

formbook xcl rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookxclratspywarestealertrojan