formbook

General

Target

d316934fbbc328ee5764cc3ffad8342ebb530df25f43e3f46e0e27fcc8f7067f_JC.exe
Size

835KB
Sample

231004-w6wn2sdh8y
MD5

33ffe47617ab65e5fbb0b2eedf0b5b4e
SHA1

394351007b7fa83b84a30c66b84083ba9af66410
SHA256

d316934fbbc328ee5764cc3ffad8342ebb530df25f43e3f46e0e27fcc8f7067f
SHA512

b73e46c09c42c4196299e4787652991de3cc61ee869833a4b241d1222bbfbab9bd31e59533835a57fb15d221891ceac387d5a8e97cff918046fc84d81cdbe0cf
SSDEEP

24576:mk70TrcKMs8ftsubdunEtMif2Fo0VANdUKsm1:mkQTAZsubdunDif2F9Agw

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bz24

Decoy

paltran.com

convadesolutions.com

smyx9b.work

friggerio.com

jndyfjc.com

dm4im2q2.top

adamloweforpresident2020.com

grvtyindustries.com

lovelycacau.com

seqizi.net

xisl88.com

dateknightdelivered.com

celebsmoaic.online

patriciolawnlandscapellc.com

liqq.asia

solutions4educators.com

hybridrate.com

newseza.com

enfejbaz9jdfthea.click

bergstromchevymadison.com

Targets

- Target
  
  d316934fbbc328ee5764cc3ffad8342ebb530df25f43e3f46e0e27fcc8f7067f_JC.exe
- Size
  
  835KB
- MD5
  
  33ffe47617ab65e5fbb0b2eedf0b5b4e
- SHA1
  
  394351007b7fa83b84a30c66b84083ba9af66410
- SHA256
  
  d316934fbbc328ee5764cc3ffad8342ebb530df25f43e3f46e0e27fcc8f7067f
- SHA512
  
  b73e46c09c42c4196299e4787652991de3cc61ee869833a4b241d1222bbfbab9bd31e59533835a57fb15d221891ceac387d5a8e97cff918046fc84d81cdbe0cf
- SSDEEP
  
  24576:mk70TrcKMs8ftsubdunEtMif2Fo0VANdUKsm1:mkQTAZsubdunDif2F9Agw
Score

10^/10

formbook bz24 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Unsecured Credentials

1

T1552

Credentials In Files

1

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

.NET Reactor proctector

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2