formbook

General

Target

rDHL_AWB_907853880911.exe
Size

689KB
Sample

230802-tgr88afe23
MD5

00e2917356ad724e3f79e42da2b9b92d
SHA1

e564ed8660919c10570fbad143ffd1333b81fb47
SHA256

80c33b55bc86034d5aa09175c45672e6bd847ed97938512772926f0d9285dce4
SHA512

0feb020dca29a31ec7bf0e6ba21bfb80c3b6541b92afc382594058de338536aa535c1dfe16346e400e786b29e0deec65d904c70643e93985724a7fdb01f25327
SSDEEP

12288:W5MYNp8wGcM1iwYa3ZOVv5A1zoiGz5BNvS9x8Z9YzzjbN:W6MuWa3ZOnIzoPz5BI9x8/

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

f1w6

Decoy

yourcomplexproject.com

ceoclubonline.com

omkararts.com

oldiefans.info

kalendrgptapp37.com

expetowing.com

531008.com

shguojibu.com

proartesmarciales.com

mlo564.xyz

canada-topsales.com

your-local-girls.info

hitroader.com

hoagiepalooza.site

wallstreetbull.online

pw786.vip

salamcleaning.com

carbon-cars.com

playacabarete.net

ifgfunds.com

Targets

- Target
  
  rDHL_AWB_907853880911.exe
- Size
  
  689KB
- MD5
  
  00e2917356ad724e3f79e42da2b9b92d
- SHA1
  
  e564ed8660919c10570fbad143ffd1333b81fb47
- SHA256
  
  80c33b55bc86034d5aa09175c45672e6bd847ed97938512772926f0d9285dce4
- SHA512
  
  0feb020dca29a31ec7bf0e6ba21bfb80c3b6541b92afc382594058de338536aa535c1dfe16346e400e786b29e0deec65d904c70643e93985724a7fdb01f25327
- SSDEEP
  
  12288:W5MYNp8wGcM1iwYa3ZOVv5A1zoiGz5BNvS9x8Z9YzzjbN:W6MuWa3ZOnIzoPz5BI9x8/
Score

10^/10

formbook f1w6 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2