formbook

General

Target

22ca610098805557434a4b2810329689.bin
Size

1.9MB
Sample

231117-bqklmacg73
MD5

2fedbdc13c6236b00d913c02253bfd86
SHA1

bd2926f72ef483023823882bbfa989417ea649d7
SHA256

127e769d7c6587fed646fe52712032fcd483df248fa23c81614bbccf3a534279
SHA512

0047d542c301d0117d4aad7336b97b0cbd2199d961172ef7fefc59b99d40fae795b94fb19be1832bf0179baac8b35783558e6bfe4a93695220c95d32310b35e1
SSDEEP

49152:oMvW4a0Gc2A30kPd7FP2HAyfdjxz8hcsNh3:hW4a/c2A3LF1AAifzaH3

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

tb8i

Decoy

097jz.com

physium.net

sherwoodsubnet.com

scbaya.fun

us2048.top

danlclmn.com

starsyx.com

foxbox-digi.store

thefishermanhouse.com

salvanandcie.com

rykuruh.cfd

gelaoguan.net

petar-gojun.com

coandcompanyboutique.com

decentralizedcryptos.com

ecuajet.net

livbythebeach.com

cleaning-services-33235.bond

free-webbuilder.today

pussypower.net

Targets

- Target
  
  ad208fe787c74f455a317a5050c3462c8236ed6e3c58f9c6082147ca09902335.xlsx
- Size
  
  1.9MB
- MD5
  
  22ca610098805557434a4b2810329689
- SHA1
  
  23cf1f231d4b1a53416c3f72accbe8e21b4b1fc3
- SHA256
  
  ad208fe787c74f455a317a5050c3462c8236ed6e3c58f9c6082147ca09902335
- SHA512
  
  a333f8b243c5482302857834f185d934dc6f149b587e40ae41fc30e61936f0fb4c55d0c543f590dcf714fc688abfb018655c86c1e2c10d8ead393ec66b06e910
- SSDEEP
  
  49152:0kVgTbHTs6oLbLvnlfRzlPlJfhQKyd2jgC0c+QXjI2yD:2TzTdoLbLvFRzljJed21+yjIB
Score

10^/10

formbook tb8i rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

3

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2