formbook

General

Target

4529E2AB64AC12AC15D2F662938A68C49DD7707C9F5F9A11C2CD0B775FC9168C
Size

249KB
Sample

230518-ccxvgaha63
MD5

85e12606e7896169618c3165b1f8b541
SHA1

33e9f36d70e329699ac2fdbec47d981206802192
SHA256

4529e2ab64ac12ac15d2f662938a68c49dd7707c9f5f9a11c2cd0b775fc9168c
SHA512

d991efe6cb521e8212194323268ce1e590c8372fcf823758d89df76587911ab7ea1b6d35984537165de1302752bb94c3045d87f8a6d746463fe8bfaee068da10
SSDEEP

6144:KjT5pXZ82qC84EyBX4aeXdzj+EVwFc6GOwiExWljH1bsf39d:KZte2eCBoaetzpVQcB+H1bsT

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

re29

Decoy

barnstorm-music.com

gazzettadellapuglia.com

baratieistore.space

cdrjdkj.com

carlissablog.com

langlalang.com

2886365.com

aq993.cyou

jwjwjwjw.com

car-deals-80304.com

dikevolesas.info

buycialistablets.online

theplantgranny.net

detoxshopbr.store

imans.biz

fightingcock.co.uk

loveforfurbabies.com

eastcoastbeveragegroup.com

alaaeldinsoft.com

microshel.com

Targets

- Target
  
  rocee6632.exe
- Size
  
  264KB
- MD5
  
  49490781256eb385d2331df5a69dc140
- SHA1
  
  8d4c961f6c10bda804b5d29923f937848f0c6915
- SHA256
  
  541e5e1932882d5833cbc39c7ab81d4faeba4a9fe4b915530be3533d0269cc99
- SHA512
  
  8bccf328813842e72688295438b38e080ffc2a8b39ac2349c29611616398f2aa2e3832ce7ca6368bea5b2d5890f5d598906bcf1e95d8dc89e3dd48fee3d69c6a
- SSDEEP
  
  6144:/Ya6+/+2b3/J5PMIId8xUCpdlHcrm4WqmxHppCXk:/YonnW8ye7HOm3qmxJpCXk
Score

10^/10

formbook re29 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2