formbook

General

Target

Product Specifications xlsx.zip
Size

240KB
Sample

230828-m59pvadb51
MD5

7e246adc06d352f9750ba53c0b7fb1a8
SHA1

ed48eaf0a21212fd7ec4abc2039b78f0e0272552
SHA256

331b0c93b00a65e96d830a0bd21582a7ab4aebceed4913bbb09130b85a8198e4
SHA512

0c73517427185639c48d44f85f4152c287fcab94ff1666269510610da783640a31e26c6e88e962f40a81c60456f4740d00a10b666a978b90ac826a46d7dde14e
SSDEEP

6144:ud65FVbFG1czFmqDoGPupuieEJi8270VkFe8m4znusYtqByx:uMrFzzF7Dooupu9gpkE4zusYtyyx

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sn26

Decoy

resenha10.bet

gulshan-rajput.com

xbus.tech

z813my.cfd

wlxzjlny.cfd

auntengotiempo.com

canada-reservation.com

thegiftcompany.shop

esthersilveirapropiedades.com

1wapws.top

ymjblnvo.cfd

termokimik.net

kushiro-artist-school.com

bmmboo.com

caceresconstructionservices.com

kentuckywalkabout.com

bringyourcart.com

miamiwinetour.com

bobcatsocial.site

thirdmind.network

Targets

- Target
  
  Product Specifications xlsx.exe
- Size
  
  254KB
- MD5
  
  ac43233dd5fe6d55c112660dc700e564
- SHA1
  
  2f431f411c707593f2f4bd67da5db2e9a9593778
- SHA256
  
  d93182b7b2c8633aa7f379efdc80aa778ecc0b59a01929bb10a02cd8349354d2
- SHA512
  
  a3fd81e3d3e4e7271ef1536e8f0c10c945780a916e168bd19bd67e03dd2a326b5910bf528220aa24ccd8799e02b50fbc30e953b3cde2c3d8a2c0dffd0278c770
- SSDEEP
  
  6144:/Ya6lEiLxFG1cz5mqDoGPuduieEJE827qVkF28m4znusYtq4yC:/Y3EUxFzz57Dooudu9A5ko4zusYtFyC
Score

10^/10

formbook sn26 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2