formbook

General

Target

633ccb020bf31ee6dc2d876b157822ebdac8e73f7da640eb58102e6d233cbf2b_JC.exe
Size

394KB
Sample

231012-s676asbg64
MD5

3d7420d1cf88e1ffc6d0dd85314fbfb5
SHA1

00af90a66e1be8974ef99d2630e905213aa7548f
SHA256

633ccb020bf31ee6dc2d876b157822ebdac8e73f7da640eb58102e6d233cbf2b
SHA512

20e0a4bb331be0004c940875346394bfcb6f387dbf3800859512dd2ef5864b89d5d0d39e1856379b759f35a43756b95be4d32fe574cddb00dfb9a9d1cb47f761
SSDEEP

6144:hYa6KmnIocXHUsP93EQNjYDZiJL+JFX+z/Fpv9QQWCHtec1WtvpDi:hY0aIFJ2MkX+HvGCCTi

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ds19

Decoy

pribit-92.com

wrist-couture.com

alanka.company

uffitgvr.click

bwtsatotravel.com

anpmarketinginc.com

startupsvibes.com

shearabia.com

sayemail5.store

solsticeinstitute.com

perfectholidaydeals.com

xfitness.life

mmbs-ad.com

jacodile.com

hjpolastudio.com

healuu.com

agtwer.homes

installationschampions.info

bettys70th.com

sustainable-re.com

Targets

- Target
  
  633ccb020bf31ee6dc2d876b157822ebdac8e73f7da640eb58102e6d233cbf2b_JC.exe
- Size
  
  394KB
- MD5
  
  3d7420d1cf88e1ffc6d0dd85314fbfb5
- SHA1
  
  00af90a66e1be8974ef99d2630e905213aa7548f
- SHA256
  
  633ccb020bf31ee6dc2d876b157822ebdac8e73f7da640eb58102e6d233cbf2b
- SHA512
  
  20e0a4bb331be0004c940875346394bfcb6f387dbf3800859512dd2ef5864b89d5d0d39e1856379b759f35a43756b95be4d32fe574cddb00dfb9a9d1cb47f761
- SSDEEP
  
  6144:hYa6KmnIocXHUsP93EQNjYDZiJL+JFX+z/Fpv9QQWCHtec1WtvpDi:hY0aIFJ2MkX+HvGCCTi
Score

10^/10

formbook ds19 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2