formbook

General

Target

INVOICE.exe
Size

237KB
Sample

230824-ghe9tsbh6v
MD5

0ee858a143b831660ad55a2fbf13a6e1
SHA1

f378acacb7da3fe89f0bb0df43776797084313cf
SHA256

cd56edf9ac230205c76045c5fabbbf68b28b011e066721e4f2b95653dc22a34c
SHA512

20a4385d61c6826299b9ff3e61b101a9a57d446c967f478458369d39d6d95e3ce23a0e595f46fe68470a972869104f91c7f3f69ac9248c6dac3f05a776fa80f3
SSDEEP

6144:vYa618FO4xhOTAuavp5J9t/rswGImsj+O6zFhfOB6myN9d/HnpEryOd:vYP8FzMT87J9N1ZB6JgcdN9d+rFd

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ds19

Decoy

pribit-92.com

wrist-couture.com

alanka.company

uffitgvr.click

bwtsatotravel.com

anpmarketinginc.com

startupsvibes.com

shearabia.com

sayemail5.store

solsticeinstitute.com

perfectholidaydeals.com

xfitness.life

mmbs-ad.com

jacodile.com

hjpolastudio.com

healuu.com

agtwer.homes

installationschampions.info

bettys70th.com

sustainable-re.com

Targets

- Target
  
  INVOICE.exe
- Size
  
  237KB
- MD5
  
  0ee858a143b831660ad55a2fbf13a6e1
- SHA1
  
  f378acacb7da3fe89f0bb0df43776797084313cf
- SHA256
  
  cd56edf9ac230205c76045c5fabbbf68b28b011e066721e4f2b95653dc22a34c
- SHA512
  
  20a4385d61c6826299b9ff3e61b101a9a57d446c967f478458369d39d6d95e3ce23a0e595f46fe68470a972869104f91c7f3f69ac9248c6dac3f05a776fa80f3
- SSDEEP
  
  6144:vYa618FO4xhOTAuavp5J9t/rswGImsj+O6zFhfOB6myN9d/HnpEryOd:vYP8FzMT87J9N1ZB6JgcdN9d+rFd
Score

10^/10

formbook ds19 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2