formbook

General

Target

Payment.exe
Size

296KB
Sample

230526-scshrage4s
MD5

31808af627d36a5b02041a7d365945dd
SHA1

c486e4a71bf2ed2a44181062cc661e4f495174f1
SHA256

9b11fa3cfa0acdd01be3595fba22f7b38c333e7ec8da88228c971735913bb6f7
SHA512

60ee0ca493d3f12cfb43d82fa5d0be5b9c243fa1ba28b7432691375107e06622d2a708b7b04720508e5ddbb594c467b7e428b05a56962f28bd1bd48350f3e37a
SSDEEP

6144:0Ya6yPkz8b7PQE9piBvwcOp7di1hBcRP7WeCVmRgpC0YyXe4QH9cYeeDT0Nh:0YSkwbcVBJOp7diLBcRTGVmOpC7Ea+YM

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ui16

Decoy

hayfevertips.uk

dura-grass.com

eclsimsline.com

audiolibroprofesional.com

ieltspassion.foundation

coverdriveinsure.com

importainer.com

localcustomcurtains.net

bskduwuakkasndh.online

kraaftheinz.com

innovandotubelleza.online

ironandalders.com

howtolowerbloodsugarfast.com

wordpressbilimi.net

evoting.africa

ppecollect.co.uk

eileenfisherdeutschland.com

digitalprintcompanies.com

weblo.net

aws-awsnoona.icu

Targets

- Target
  
  Payment.exe
- Size
  
  296KB
- MD5
  
  31808af627d36a5b02041a7d365945dd
- SHA1
  
  c486e4a71bf2ed2a44181062cc661e4f495174f1
- SHA256
  
  9b11fa3cfa0acdd01be3595fba22f7b38c333e7ec8da88228c971735913bb6f7
- SHA512
  
  60ee0ca493d3f12cfb43d82fa5d0be5b9c243fa1ba28b7432691375107e06622d2a708b7b04720508e5ddbb594c467b7e428b05a56962f28bd1bd48350f3e37a
- SSDEEP
  
  6144:0Ya6yPkz8b7PQE9piBvwcOp7di1hBcRP7WeCVmRgpC0YyXe4QH9cYeeDT0Nh:0YSkwbcVBJOp7diLBcRTGVmOpC7Ea+YM
Score

10^/10

formbook ui16 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2