formbook

General

Target

Sipariş 5035.exe
Size

330KB
Sample

231012-pbjmnshd5z
MD5

38b08db0e93a868942dbdbf2d48fca7e
SHA1

2c70b7fed8ac61f0457dc7a0b16d16d240e4cf93
SHA256

ec45ebce734d9a8be961529c08e9de4b192ffd26ea3c2fb76aaf2a1b61e01146
SHA512

c8c6c45b80f801ae64195ae259df498367ac576ed369fd85620fad8af0f1ff09cf09ba0efb433bf65d105b25a2a2052bf4925c7a5d36ea9536a8dd97513995ed
SSDEEP

6144:/Ya6Ci59VF5Ch4HhaOtcRVEUvvYtmE9QmROYXJQN+sQIB9GvCjvta:/Yci59VLCZOtaVTSmXGrJQNYMUC0

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

k13s

Decoy

runbe.fun

factrip.com

zalenterprises.net

yoyufoods.com

soniakmahajan.com

jdfdht.site

provenimpact.net

hotelsmadridairport.com

avondalemclarenparts.com

champagnepelissot.com

dqnshtvn.click

barbarahensonrealestate.com

jrys117.top

amb168g.pro

zionsystem.live

highcaliberhusbands.com

dsc-marketing.com

outlemax.com

legalloanmaster.com

sky71.link

Targets

- Target
  
  Sipariş 5035.exe
- Size
  
  330KB
- MD5
  
  38b08db0e93a868942dbdbf2d48fca7e
- SHA1
  
  2c70b7fed8ac61f0457dc7a0b16d16d240e4cf93
- SHA256
  
  ec45ebce734d9a8be961529c08e9de4b192ffd26ea3c2fb76aaf2a1b61e01146
- SHA512
  
  c8c6c45b80f801ae64195ae259df498367ac576ed369fd85620fad8af0f1ff09cf09ba0efb433bf65d105b25a2a2052bf4925c7a5d36ea9536a8dd97513995ed
- SSDEEP
  
  6144:/Ya6Ci59VF5Ch4HhaOtcRVEUvvYtmE9QmROYXJQN+sQIB9GvCjvta:/Yci59VLCZOtaVTSmXGrJQNYMUC0
Score

10^/10

formbook k13s rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2