formbook

General

Target

EKSTRE.rar
Size

237KB
Sample

230609-tmha7scf23
MD5

df6e7742734d2c0e0109be0a519a66e0
SHA1

f327b48f796c848590b749f7e61b65f0efdd5960
SHA256

257a59a4dfa8c4bac83ea60dea8347c8ae85eb5726533064bc9ca68292462a19
SHA512

74199b7248d58fe4ec99de1e637cc51021db9c4b8b3a9418c9e2e7bf2ab7767a0021eb31e51fef99524c5a444d41666d3c31973511af85316c1e77b1b68c707a
SSDEEP

6144:kp4UBa8b2p4gJVXUOGmkgalEUbIlwjIEOTqP:kp4B8b2lDkOKlLJOTqP

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

t30k

Decoy

xatenwal.online

everythingbanker.com

woodhome.online

masturbatorzone.online

towertechnicians.com

7744100.com

teslatrust2x.com

bbctravels.com

33923.xyz

yhtiye.com

swiftpas.online

04eb.top

zvd.store

fdasdo.xyz

activaokers.net

ctsoapandcandles.com

buy149.com

junkremoval-az.com

hv870.vip

axumventures.com

Targets

- Target
  
  EKSTRE.rar
- Size
  
  237KB
- MD5
  
  df6e7742734d2c0e0109be0a519a66e0
- SHA1
  
  f327b48f796c848590b749f7e61b65f0efdd5960
- SHA256
  
  257a59a4dfa8c4bac83ea60dea8347c8ae85eb5726533064bc9ca68292462a19
- SHA512
  
  74199b7248d58fe4ec99de1e637cc51021db9c4b8b3a9418c9e2e7bf2ab7767a0021eb31e51fef99524c5a444d41666d3c31973511af85316c1e77b1b68c707a
- SSDEEP
  
  6144:kp4UBa8b2p4gJVXUOGmkgalEUbIlwjIEOTqP:kp4B8b2lDkOKlLJOTqP
Score

3^/10
behavioral1 behavioral2
- Target
  
  rocee4908.exe
- Size
  
  253KB
- MD5
  
  f4b418fd85e7dcee1499a54e328923bb
- SHA1
  
  22b87e3b13681fd287cc27c8e6824db055edf86c
- SHA256
  
  73ce02f6b7c4c5109af4ad501aa9206bbfa5cf32bb8276ad06887c95279c907d
- SHA512
  
  946fdb6cf636c3cbd7e50e2dd2cbe0a1b33701303adb1f0643f67f499d490edbe390fac59a1bc2c3251839a35c31a0964ba693e0e608bf3e0eb589149cdce9d5
- SSDEEP
  
  6144:/Ya6zksqY8IFWfT89Y25GVBHSZ+gc8fPQdJja:/YhksqYPF6sGfHSAiIy
Score

10^/10

formbook t30k rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4