formbook

General

Target

cc076ce160b654ecefb5e4de65f35dec.bin
Size

261KB
Sample

230818-cmaspagd2s
MD5

ae7e43348704149652a871570dffb5e1
SHA1

8cea26742fb54586ed8fd51810f637fbcb7401f8
SHA256

10be1621ffe8db54f1e69bf6362c525e9808d779ee278b7f7824e4a90ff83d93
SHA512

d47bce8f3d45d6e162ca4f8348aa977b6a2e1e2e20d3a8ddd7cfb8b118ac2b86eeaa6b36f153d3101f3a5c3f605f9da20a7c41fb04299dd01dc93c5332fbc06c
SSDEEP

6144:20PQPU7GIGurtB/g8yasV6/Wa1i63HQGm8TLglkF:2c9GIJrH9cKWQi63hTLgk

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sn26

Decoy

resenha10.bet

gulshan-rajput.com

xbus.tech

z813my.cfd

wlxzjlny.cfd

auntengotiempo.com

canada-reservation.com

thegiftcompany.shop

esthersilveirapropiedades.com

1wapws.top

ymjblnvo.cfd

termokimik.net

kushiro-artist-school.com

bmmboo.com

caceresconstructionservices.com

kentuckywalkabout.com

bringyourcart.com

miamiwinetour.com

bobcatsocial.site

thirdmind.network

Targets

- Target
  
  Swift TT Copy pdf.exe
- Size
  
  274KB
- MD5
  
  becff9b703669062005159bd35dc315d
- SHA1
  
  042b87bb8d7f28e363a6f3de67d37b0cd4fdd1b9
- SHA256
  
  91407535cc5852ecae7889b9f034920694c733c9e47f89d08a470e32b9d31e13
- SHA512
  
  b68c24cd100e8b9a7c3972a22b13da4b75305cc433b4a083a4762228795f257b0a769497dde755f828bd53416b0d1ba93bfd5182922ff57ff7cf16e57f5c4cb4
- SSDEEP
  
  6144:PYa6x92BX0wKPBAfBiyrTOfYJVL2hTRiZQd:PYj9S0RPYHrbVL2h/d
Score

10^/10

formbook sn26 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2