formbook

General

Target

1f30b513d1315b7a9432f9cf2937d5c4728455fbd7c681a552b94f57a849757c.zip
Size

1.1MB
Sample

231022-vksjtsbc5w
MD5

7c18b3e97f2435e17ca256559d1ee81e
SHA1

718b8c8432aa23cb02dfffff9fbae642a621d60b
SHA256

07007e2563d4675d4301ad0d24d3c44da7fcd5bc0c09714abfbafba9a4d02152
SHA512

ab3593f79782168cdb17f436164b8756e9c68b9fedba7a25967ad0f1354692bac53972588de1454354d3e55dac3ffe8d30d576cfd939e38568798ca325978d04
SSDEEP

24576:CQc+5P4/zI9SuCkRAkBKucPo3YEdWcp70VL/qIVC7fkVurGjH+vZuhaokZDd:Cq5P4/zI9YWNBKuc8ccSLCCCgV+Gjev9

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sy22

Decoy

vinteligencia.com

displayfridges.fun

completetip.com

giallozafferrano.com

jizihao1.com

mysticheightstrail.com

fourseasonslb.com

kjnala.shop

mosiacwall.com

vandistreet.com

gracefullytouchedartistry.com

hbiwhwr.shop

mfmz.net

hrmbrillianz.com

funwarsztat.com

polewithcandy.com

ourrajasthan.com

wilhouettteamerica.com

johnnystintshop.com

asgnelwin.com

Targets

- Target
  
  1f30b513d1315b7a9432f9cf2937d5c4728455fbd7c681a552b94f57a849757c.xls
- Size
  
  1.5MB
- MD5
  
  71368866925c23e35d340705fae95002
- SHA1
  
  8b2e76a61f33f053eb4fc2f2bc3600917e7d1d09
- SHA256
  
  1f30b513d1315b7a9432f9cf2937d5c4728455fbd7c681a552b94f57a849757c
- SHA512
  
  6bddbc8a6824bf2d7137042b762da78d8c02e6756f488003a8d142cc7b111720710f4f31034e8d9c1dca33847ac822a9ed81d2e97f647d0708ddb5db271461f6
- SSDEEP
  
  24576:cWQmmav30xrmZy3w6VA3bVNRFZyVw6VC3bVG4nvsLtbtecTQ5WWkK3q/0wkex:xQmmQ309wP6VA3bVDN6VC3bV25tBTTKg
Score

10^/10

formbook sy22 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

3

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2