formbook

General

Target

F46B4AE770D908AC9D9EB047D7FC79609F6F33981F9B98E4544F7E65FD62A4C9
Size

267KB
Sample

230518-rx6enscf25
MD5

1265a3c0162daf43fef735c6dbf042dd
SHA1

3ba7c02f0e9f93684f2d100aa7758f5ef7c8350c
SHA256

f46b4ae770d908ac9d9eb047d7fc79609f6f33981f9b98e4544f7e65fd62a4c9
SHA512

96ebb8119a2adb735ce2746396a0a50274c9e8e83188659174c74fdfae3a670a1ab5099d49fcb59a90b03ec0339c78354a811799a3ec401c80dd460426fb7c83
SSDEEP

6144:rxvwj5WEKXdlRf4k9uCH1+T6XbXPn0hpDMfWhj7A7PitxzuKv4eR0ycAJPK:rxI5oXVA4nVOWn0497at1uKAeR0UJPK

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

re29

Decoy

barnstorm-music.com

gazzettadellapuglia.com

baratieistore.space

cdrjdkj.com

carlissablog.com

langlalang.com

2886365.com

aq993.cyou

jwjwjwjw.com

car-deals-80304.com

dikevolesas.info

buycialistablets.online

theplantgranny.net

detoxshopbr.store

imans.biz

fightingcock.co.uk

loveforfurbabies.com

eastcoastbeveragegroup.com

alaaeldinsoft.com

microshel.com

Targets

- Target
  
  rock997.exe
- Size
  
  281KB
- MD5
  
  770b0aa37f47b6bda2c4aa82b686afaf
- SHA1
  
  a7f4627372d3277b5456f2b4ff9f40aceb7db68c
- SHA256
  
  c02565873b8fe1fe3a19ee5bca4d03a861d4768f48f8816311792b7632c63107
- SHA512
  
  1839733c9d37692852f3c5e604e5f16c12313f0f937d1f3a055eecc787e6c1ed9037b16f7df1735e9a04a983b1ac05505dd48f36dff203a0765d08fdef02e0da
- SSDEEP
  
  6144:/Ya6Nfn8Qna97f4k9uCH1+TmXbXPT0hpDMfWhj7U7Pitx1uK54IR0ycAJPI:/Yv/8Qna97A4nVOCT04v7atLuKmIR0UO
Score

10^/10

formbook re29 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2