formbook

General

Target

ab7544b8607cc85b8e4c65a9e9a5b0647686ec9065184952e1c9cfe5d3b90921_JC.r00
Size

282KB
Sample

231010-wns57sfc9z
MD5

837352c855d67b0df001f44dd9a3d661
SHA1

2d80e8fcd86aa241c556e60783bf372fbef7fa12
SHA256

ab7544b8607cc85b8e4c65a9e9a5b0647686ec9065184952e1c9cfe5d3b90921
SHA512

09899feb415e319a1abef30afcc6397299b9ae0082e06155568848108f768defae12debfa7892232fc96cd9bdb65fb2d46329a02847e6e13de8bf02f3ab675ce
SSDEEP

6144:GDV0K8CuMyA6+FaJregiuU82KuJe4mmRGshM2qlq7vsDvkehiRGueXJrtIygdL:6V0/tMz6+FacgI8OkRsMNu0iRGueZrsd

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sn26

Decoy

resenha10.bet

gulshan-rajput.com

xbus.tech

z813my.cfd

wlxzjlny.cfd

auntengotiempo.com

canada-reservation.com

thegiftcompany.shop

esthersilveirapropiedades.com

1wapws.top

ymjblnvo.cfd

termokimik.net

kushiro-artist-school.com

bmmboo.com

caceresconstructionservices.com

kentuckywalkabout.com

bringyourcart.com

miamiwinetour.com

bobcatsocial.site

thirdmind.network

Targets

- Target
  
  SWIFT Remittance pdf.exe
- Size
  
  296KB
- MD5
  
  1b63894113d19896d98e2d4b3a876da0
- SHA1
  
  0f7cbcb033ef92fc1a8d49a97830eb7d4051c5a1
- SHA256
  
  bbcaa127862b5b70b5a833b3136f431c03a9165dd0a4646ba78922ebcc7ebdc3
- SHA512
  
  bbe1be35468a6c3338736930e920589e5639c56b4924859090531c81132fcea76caa56a3586211bf5e9ff17fcf83434f603f07c4286c885f4bd86a84b6668551
- SSDEEP
  
  6144:pXFKo5lbxiFGiivJFTk+9IcRrekVn776yGhQMOfpk+6Nhopb:pXRb40FLTk+9L/pxwM76Nupb
Score

10^/10

formbook sn26 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2