formbook

General

Target

DHL Shipment Delivery Notification 27-9-23.r00
Size

308KB
Sample

231011-hw267aha4v
MD5

414af2fa03d933fe78c66163336038f1
SHA1

827cac0f53c099597014171f5e022a5c84eb78f8
SHA256

07daaf1983dc5ad5374f4776d4e1a3f74a8933891cf1b497129358702bdbc33a
SHA512

f0394d8deeca186156c4ee018215b5e2910368a9203c9f5ede2d4fc309805a6b02d4a8933279c7baa0b067df365f3cdd08d2058ce2e6d3ae96e5fe266770e866
SSDEEP

6144:QZUlD8IY50gzMQF8xkqLU4DhPh7cb9OtA/j8CuA1JUq0UnrFo:Qy8IC0gzM6iLUohZkdYZAIuFo

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sn26

Decoy

resenha10.bet

gulshan-rajput.com

xbus.tech

z813my.cfd

wlxzjlny.cfd

auntengotiempo.com

canada-reservation.com

thegiftcompany.shop

esthersilveirapropiedades.com

1wapws.top

ymjblnvo.cfd

termokimik.net

kushiro-artist-school.com

bmmboo.com

caceresconstructionservices.com

kentuckywalkabout.com

bringyourcart.com

miamiwinetour.com

bobcatsocial.site

thirdmind.network

Targets

- Target
  
  DHL Shipment Delivery Notification 27-9-23.exe
- Size
  
  323KB
- MD5
  
  d500caad040c54a8a064bb1ae1e02277
- SHA1
  
  02f4722d98277480d4d128e3321f156e0471bdde
- SHA256
  
  c261ace97411301444d9dfa50d29f9a0328e83ddf45bf15128ad9d796d050461
- SHA512
  
  1898e9b94b4cd314327473063b3d800f5eb91a7b5044d72f801251c0a42c8211646974ddd753a0f80dfdc647a056032d3041d41ecec7a890bca78c6751c4cde3
- SSDEEP
  
  6144:BnPdudwDs9iDkylpSqHCJLYFn+dBfSVuMKdWKPcmr5tT/RIQzNfov32ZzjWusiD/:BnPdw9iAmpbHCJLQneBaW8KPc2tlIQzp
Score

10^/10

formbook sn26 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2