formbook

General

Target

NR ZAMÓWIENIA PRÓBNEGO 0001-pdf.exe
Size

561KB
Sample

230329-g8bz4afa83
MD5

abb44d8629dbbae4b307b638fa35c921
SHA1

91b9b648dfcc9261d3c0135eea5c4a9da4e87985
SHA256

55d12f1706d497912ee1c846004edea135577d7e2eb2246e9c439740be365643
SHA512

c6226f1c6634e11a48c79668df2229d43476d6dec9351da239bf9da58500751e584dccf3eea2aba77e881b2eb9c8b116843b0cee5a7d2af21db0561c4e1661a2
SSDEEP

12288:KTMY1ltUnHhjgUciLJDrLmuychLXK8WEu:KThtejgUci9DvgcM8Wh

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

il23

Decoy

woodlandwoodworking.net

kitchen-deals-69155.com

hiddendia.xyz

xelaxaste.uk

sproutstrive.com

avlulu124.xyz

g-starnetwork.com

a-avdeeva.com

filmart.top

bustime411.com

besyor.xyz

joulex.live

christmastempjobsfinder.life

cxrh-official.com

themuzzy.co.uk

joshisarena.africa

dental4family.com

dietsandsixpacks.co.uk

innovativedigest.com

flyingphoenix.club

Targets

- Target
  
  NR ZAMÓWIENIA PRÓBNEGO 0001-pdf.exe
- Size
  
  561KB
- MD5
  
  abb44d8629dbbae4b307b638fa35c921
- SHA1
  
  91b9b648dfcc9261d3c0135eea5c4a9da4e87985
- SHA256
  
  55d12f1706d497912ee1c846004edea135577d7e2eb2246e9c439740be365643
- SHA512
  
  c6226f1c6634e11a48c79668df2229d43476d6dec9351da239bf9da58500751e584dccf3eea2aba77e881b2eb9c8b116843b0cee5a7d2af21db0561c4e1661a2
- SSDEEP
  
  12288:KTMY1ltUnHhjgUciLJDrLmuychLXK8WEu:KThtejgUci9DvgcM8Wh
Score

10^/10

formbook il23 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Deletes itself
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Checks QEMU agent file

Deletes itself

Loads dropped DLL

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2