formbook

General

Target

5684da48d589acc2af548093f52ca9b00e43df94120a1503d2120a65b416a59b_JC.zip
Size

228KB
Sample

230820-n7pccsfd89
MD5

0c96a12b154bd20e260582b1c88b859b
SHA1

53705f8c0c8da8698927026d57e42e9c6fa8166c
SHA256

5684da48d589acc2af548093f52ca9b00e43df94120a1503d2120a65b416a59b
SHA512

5ef4029aebc064387ab6456d7a4bf0df930cb1d86920d147a7771458b28f63a8aa06484aa917abc66d806f6f37c8f9b24911e0980fc1916016710efb49cbcab8
SSDEEP

6144:XYWsqZ8wA9lQtnM8q/86VlzoUJI0li7eUezHCFJE9Sm:TZ8wAbQtnQr7JikAeUeLC8T

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sn26

Decoy

resenha10.bet

gulshan-rajput.com

xbus.tech

z813my.cfd

wlxzjlny.cfd

auntengotiempo.com

canada-reservation.com

thegiftcompany.shop

esthersilveirapropiedades.com

1wapws.top

ymjblnvo.cfd

termokimik.net

kushiro-artist-school.com

bmmboo.com

caceresconstructionservices.com

kentuckywalkabout.com

bringyourcart.com

miamiwinetour.com

bobcatsocial.site

thirdmind.network

Targets

- Target
  
  TRF_USD 23,480.25.exe
- Size
  
  242KB
- MD5
  
  7839c9d8c615fed9d0c94ad49412b684
- SHA1
  
  ae4eb463d856711a18065d6a44b7a8eb8f1a0132
- SHA256
  
  c7a97adeda6255f93fc115edfd254b5224deedb177a6100354ac6226ad42b9f2
- SHA512
  
  7e56651130a706b8923fd9d89e16740d214031d6291d93d2217222f3572db19b04c69c2ab3fc4bb2e395ede612bce6accc42e155123375edab3abd42918e46ab
- SSDEEP
  
  6144:/Ya6HcIbHBu8wA9lQVnM8q/8kVlzoU5I0li7eUezHCcJE9Sn:/YtDr48wAbQVnQL7JSkAeUeLC50
Score

10^/10

formbook sn26 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2