formbook

General

Target

NEAS.NEAS982a9a52e532bbfe52941c4ab95c2899c1af75e9a3eee2b1977e3f49e8a3e71eexeexe_JC.exe
Size

324KB
Sample

231021-w7r29agg2t
MD5

a2acbc6d322c87a19747aae6cc1ea486
SHA1

00e2411d71b3d381cfe30ecf724cf87ae79129bc
SHA256

982a9a52e532bbfe52941c4ab95c2899c1af75e9a3eee2b1977e3f49e8a3e71e
SHA512

f1b3df6a1c441a52fcdfb99b435f98b9983a66be0ae518b6cd9e5d0f54b15bedc7cc316506c1417a0d76c857c1892fd2bbd53e1b08a641bdb25ddac456931dfb
SSDEEP

6144:XfL+oqzQat5qlz2JeOdc2Qs5B9dwejy0wHCE30RedG9Iskwpz3XJ:XfLiQaTq8LG2Hv9dwqyVP30Rec9kc

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dz01

Decoy

advisoros.com

harmonyhomeinteriorstx.net

nyhfqrqvxg.com

fugentrade.com

geasme.com

shopsolary.com

wildwasser.club

henryclarkandassociate.com

klodytb.xyz

jsjnbf.com

vivelosupport.com

dealflowrealestate.com

piabellacasino346.com

wdkilat.site

djpedrocruz.com

fmovies.coach

auroreal.com

1win-esw15.fun

hmdfxx.com

gems-spot.com

Targets

- Target
  
  NEAS.NEAS982a9a52e532bbfe52941c4ab95c2899c1af75e9a3eee2b1977e3f49e8a3e71eexeexe_JC.exe
- Size
  
  324KB
- MD5
  
  a2acbc6d322c87a19747aae6cc1ea486
- SHA1
  
  00e2411d71b3d381cfe30ecf724cf87ae79129bc
- SHA256
  
  982a9a52e532bbfe52941c4ab95c2899c1af75e9a3eee2b1977e3f49e8a3e71e
- SHA512
  
  f1b3df6a1c441a52fcdfb99b435f98b9983a66be0ae518b6cd9e5d0f54b15bedc7cc316506c1417a0d76c857c1892fd2bbd53e1b08a641bdb25ddac456931dfb
- SSDEEP
  
  6144:XfL+oqzQat5qlz2JeOdc2Qs5B9dwejy0wHCE30RedG9Iskwpz3XJ:XfLiQaTq8LG2Hv9dwqyVP30Rec9kc
Score

10^/10

formbook dz01 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2