formbook

General

Target

NEAS.a0a6a1c54775713ad3e884b6bc49f2c74f393464a69175c8713221504ae6d72a.exe
Size

342KB
Sample

231115-vk48maeb5s
MD5

07ea9abe8aeda1c72f42967c7d9f475a
SHA1

5f495b957acc693e5019ee2ccb5a1f458286f67f
SHA256

a0a6a1c54775713ad3e884b6bc49f2c74f393464a69175c8713221504ae6d72a
SHA512

8cbdfc199506f980e282b93691bcf97b09d1d0617e9a533785a67f54e2ed267e0a957181deea3d958b46c48058531004a99456790cb1f24ba7455e9186fa2e53
SSDEEP

6144:wBlL/90OO8k3NWzK22YTzxAdhlpOxWe+mJ/0u4p6+zTV28BkvTXR:C/0Oe3NWh2dhoWG/0u4s+fyXR

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fs35

Decoy

latechdz.com

sdp-ploce.com

ss203.site

sm6yuy.net

needstothink.com

heginstwp.com

blueplumespirit.com

vemconferirshop.click

yorent-auto.com

eleononaly.com

medicalspacelocators.com

7law.info

imacanberra.online

bbtyss.top

onlyanfans.com

varenty.com

fappies.shop

313865.com

hongpools.com

babkacuisine.xyz

Targets

- Target
  
  NEAS.a0a6a1c54775713ad3e884b6bc49f2c74f393464a69175c8713221504ae6d72a.exe
- Size
  
  342KB
- MD5
  
  07ea9abe8aeda1c72f42967c7d9f475a
- SHA1
  
  5f495b957acc693e5019ee2ccb5a1f458286f67f
- SHA256
  
  a0a6a1c54775713ad3e884b6bc49f2c74f393464a69175c8713221504ae6d72a
- SHA512
  
  8cbdfc199506f980e282b93691bcf97b09d1d0617e9a533785a67f54e2ed267e0a957181deea3d958b46c48058531004a99456790cb1f24ba7455e9186fa2e53
- SSDEEP
  
  6144:wBlL/90OO8k3NWzK22YTzxAdhlpOxWe+mJ/0u4p6+zTV28BkvTXR:C/0Oe3NWh2dhoWG/0u4s+fyXR
Score

10^/10

formbook fs35 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Blocklisted process makes network request

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2