formbook

General

Target

order #393405.xls
Size

1.3MB
Sample

230815-ktthdabg7t
MD5

a913096f787c53f96a34dfff28a68ac1
SHA1

43ea14976d150ca3146c0fde2f44947df9e2f4af
SHA256

da1f2444a6a87363c210ff73a4111ccea458b1d35b2cbe7c1c54fa471c8f752f
SHA512

ec32f7db5917cfb7162d32386c3dd38cc1373a6635668c3ffe158130e8d4d1eeadb69ca0a6ee6fb9d09168b83e24f1b9ee923d96a7f668b2a9d09f0e3a32d81f
SSDEEP

24576:UaZy0w6VgjKaWlEzp7aUZydw6VzjKaWlEzp7azzd6f/b7QAUQp5E/zwwx:UE86VgjKjOzRJ6VzjKjOzEdU7/UX/zf

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sy22

Decoy

vinteligencia.com

displayfridges.fun

completetip.com

giallozafferrano.com

jizihao1.com

mysticheightstrail.com

fourseasonslb.com

kjnala.shop

mosiacwall.com

vandistreet.com

gracefullytouchedartistry.com

hbiwhwr.shop

mfmz.net

hrmbrillianz.com

funwarsztat.com

polewithcandy.com

ourrajasthan.com

wilhouettteamerica.com

johnnystintshop.com

asgnelwin.com

Targets

- Target
  
  order #393405.xls
- Size
  
  1.3MB
- MD5
  
  a913096f787c53f96a34dfff28a68ac1
- SHA1
  
  43ea14976d150ca3146c0fde2f44947df9e2f4af
- SHA256
  
  da1f2444a6a87363c210ff73a4111ccea458b1d35b2cbe7c1c54fa471c8f752f
- SHA512
  
  ec32f7db5917cfb7162d32386c3dd38cc1373a6635668c3ffe158130e8d4d1eeadb69ca0a6ee6fb9d09168b83e24f1b9ee923d96a7f668b2a9d09f0e3a32d81f
- SSDEEP
  
  24576:UaZy0w6VgjKaWlEzp7aUZydw6VzjKaWlEzp7azzd6f/b7QAUQp5E/zwwx:UE86VgjKjOzRJ6VzjKjOzEdU7/UX/zf
Score

10^/10

formbook sy22 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2