formbook

General

Target

NEAS.a1fddb00947565e465e8b8a04c21eff0.exe
Size

471KB
Sample

231013-zb1w3adb5w
MD5

a1fddb00947565e465e8b8a04c21eff0
SHA1

d9d76e6c80006eff3436c1a7be6c75eb352fecd4
SHA256

bd70ea7d2a7e97435ffb39454f564f976843576e976e4f364b079580556f7171
SHA512

5f3c8f03d941a3977c94670f796e481d890a7cfb25e950b558cb01b35a412791ab0fb7868e217f1645ffd7457b52deb964bf27f75b11a2507809097653edf337
SSDEEP

6144:EXFKo5bWv1LkrtuHLgdwaY01sDlclnSmw9cPy0VgfHB7XkFocR/cc/F:EXPi1LgeLgdwauxcsnf0VWB7UFNh/F

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bz24

Decoy

qdjfbhto.top

bath-remodel-vanity.today

hnslrecepcao.com

plumakmno.com

lindicateurthailande.com

sparkconnectionfilms.com

metalbuildinghelp.com

ez3.xyz

mytuttor.com

ewm.lat

nailstorybynalini.com

yurybd.com

cosmosmidnightstables.com

fitnessfiends.store

xfc24.work

glfgfr.com

xuyich.com

rphfb.link

forclinks.site

toto88.run

Targets

- Target
  
  NEAS.a1fddb00947565e465e8b8a04c21eff0.exe
- Size
  
  471KB
- MD5
  
  a1fddb00947565e465e8b8a04c21eff0
- SHA1
  
  d9d76e6c80006eff3436c1a7be6c75eb352fecd4
- SHA256
  
  bd70ea7d2a7e97435ffb39454f564f976843576e976e4f364b079580556f7171
- SHA512
  
  5f3c8f03d941a3977c94670f796e481d890a7cfb25e950b558cb01b35a412791ab0fb7868e217f1645ffd7457b52deb964bf27f75b11a2507809097653edf337
- SSDEEP
  
  6144:EXFKo5bWv1LkrtuHLgdwaY01sDlclnSmw9cPy0VgfHB7XkFocR/cc/F:EXPi1LgeLgdwauxcsnf0VWB7UFNh/F
Score

10^/10

formbook bz24 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Blocklisted process makes network request

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2