formbook

General

Target

NEAS.19ed64f1815cac8c156ba7dc1a25e67860c3d8f73ef0989d864ffad98ea2dfddrar_JC.rar
Size

284KB
Sample

231006-p2k87abe6v
MD5

a91f49c8ed37e92b18b4d729ff9a6965
SHA1

59e7fe404d5e64cdfecd3e862a92c93fd4be19ea
SHA256

19ed64f1815cac8c156ba7dc1a25e67860c3d8f73ef0989d864ffad98ea2dfdd
SHA512

5a23b3e0dbf66123f174feef7560a62cd86a813e16643d16405febd24b92fa5a6ec50f0f05655bcf305e67091ef7f661b658b9bebb59cc2bb359e0b38e61d075
SSDEEP

6144:4iRJvh8eirSzmYS5ofP4EAy85sr+JKwu8MBs3Bgr4pxmub:DJJ8eirm/S5oH4EAr5lIwuVt4Hfb

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sn26

Decoy

resenha10.bet

gulshan-rajput.com

xbus.tech

z813my.cfd

wlxzjlny.cfd

auntengotiempo.com

canada-reservation.com

thegiftcompany.shop

esthersilveirapropiedades.com

1wapws.top

ymjblnvo.cfd

termokimik.net

kushiro-artist-school.com

bmmboo.com

caceresconstructionservices.com

kentuckywalkabout.com

bringyourcart.com

miamiwinetour.com

bobcatsocial.site

thirdmind.network

Targets

- Target
  
  Transaction .exe
- Size
  
  299KB
- MD5
  
  5760c3d839f1444175bdd379c2cf7495
- SHA1
  
  d365bc5d708a69d0992e16209ebe0533b41ff4c2
- SHA256
  
  7da9294ba554d4c17ed9e4caac9836e303980814c7898b422ccde7a246ac26a5
- SHA512
  
  24305a47196ab911e1b026b6da28007366c2b7d1156df7ff40f5f49fd5ea2d1297caa217f6e3167756e10ba4080b9150ea2b441cc5ab067746914f1284e541d3
- SSDEEP
  
  6144:pXFKo5l67pu6bVkzrhYSAASLMWvgWF7DaHvOocNuZ:pXRS86b2z4OCGPiM
Score

10^/10

formbook sn26 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2