formbook

General

Target

c36113ac380951204651c549f3eab824.bin
Size

321KB
Sample

230816-cphw3sed62
MD5

fc96cf7802dd4afc588dc88849f8946b
SHA1

7867d4d9b958e9d19c9ef56380c4c03c3b7a597f
SHA256

770ba746cb4a0b449ce9da5fe4b8a0310c2fb0661b1ab6a94ea1936783e4f59e
SHA512

a8028cbf794f035d4370904b08a3f10d7d78b0e0b0c18dcfe930d90f38ef5000bf1e8d473aa68d2bba1c0694f996f7ec6dc40ac7c0f9218f4dbd61e1b24254b5
SSDEEP

6144:yZdW6ffcf08yUsw5KEeKPG/mYMMpK/AINoe4KV118HHmf0UZp8wlW/Dj3:ynW6fEHHKHK+xLXe4K71qmf0UZ+TrL

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s27k

Decoy

barbecue-electrique.info

leaffonly.com

h-two-vision.com

milodongym.com

speakerboxstudios.com

s61wes7t5ak1.xyz

truthistanbul.xyz

noahmarean.com

innova-strategic.com

recetasfaciles.online

williamsburgpartners.com

rdrfa.icu

happyhedgehogpress.com

zielhomefurnishing.store

jscd66.com

totallyvaultworthy.com

hexagongroupusa.com

a990h5ipg0.top

arkamailers.com

eqpmjdcw.click

Targets

- Target
  
  afff63cf4baca4e2a5f58803754843aca7c75437c0cd7b0cb6b60efb72692fc9.exe
- Size
  
  463KB
- MD5
  
  c36113ac380951204651c549f3eab824
- SHA1
  
  80cbd1c320ffb13cdc6139ff66ea28e2fb38e4e1
- SHA256
  
  afff63cf4baca4e2a5f58803754843aca7c75437c0cd7b0cb6b60efb72692fc9
- SHA512
  
  9124fafcf82946ff1b2273601099c9a3b0db0bc9be55e488fb1ca9420af5a1be5935e4ca24cb6347c7baa69235aaa0410264107a1121c7c6b6b6f121180abe45
- SSDEEP
  
  12288:XYAEUfI55HxlJQ57Wl3ZmwZgE+YY0jV86:XYApkVQ5iJmwZg/0jV86
Score

10^/10

formbook s27k rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2