formbook

General

Target

063A9AD1E9E34E5F7321ABC616BC9F41DE518335E85F0E71534C4AF0B706E0A9
Size

222KB
Sample

230518-cdx7magb8w
MD5

77039d4eb4f04aa58712c4aef761d0e7
SHA1

cd2ac6124fd7fd253819dfae6c97d38f0af626b5
SHA256

063a9ad1e9e34e5f7321abc616bc9f41de518335e85f0e71534c4af0b706e0a9
SHA512

153581a029e2d4023d4dbeb4cbe0ca0fb4a936f2a250acae9a2fd744d6166e58abf8b94521f5639ff6ce48c4545b6dd747dca4bc3369de8d7ed24cec3e2eed37
SSDEEP

6144:TzgPEGujvlcnf6My68qAznb2azdViH7nbftOpOVRJe:T0Ppujvlciw8bz6aWbbtiS8

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

re29

Decoy

barnstorm-music.com

gazzettadellapuglia.com

baratieistore.space

cdrjdkj.com

carlissablog.com

langlalang.com

2886365.com

aq993.cyou

jwjwjwjw.com

car-deals-80304.com

dikevolesas.info

buycialistablets.online

theplantgranny.net

detoxshopbr.store

imans.biz

fightingcock.co.uk

loveforfurbabies.com

eastcoastbeveragegroup.com

alaaeldinsoft.com

microshel.com

Targets

- Target
  
  rockr9905.exe
- Size
  
  238KB
- MD5
  
  d16f5edec7de7c9b263ab7ff62a60459
- SHA1
  
  e82c3dc90322e46a8fbe6f29648394869246f5ca
- SHA256
  
  e407a4227243f0b4c73216becb3bd2b94648ef85dd52568d12e5ced2f5b9dc2d
- SHA512
  
  088fdb92d75316b4f40a057f7fa9fe01683b7373176f610cd70ec3ade3932ce69b395c2a206ae46b8d020db9ad94d7762ed0196f6f4136f80dd9d4290861efae
- SSDEEP
  
  6144:PYa6Hq+BjzHgjeJFLx+TVlYYhSYo+dSSq1/j:PY1ljzHyef+VyYhSY/d5qZ
Score

10^/10

formbook re29 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2