formbook

General

Target

csbdnquus.exe
Size

760KB
Sample

240806-vejdzayaqc
MD5

c431847b601038a906219f4429c30bf4
SHA1

2e31eb56b0bc1c655c8d86347398276067f0b15e
SHA256

f51db63fe8be8e59e25e8363e5930309e9a9148925e583da18ea7e31bc9b0a96
SHA512

84c19678c4be4a48c6759a396d93783143972ae0616ab23e6a9bb453c7ecd3c50d7fe0d3e1293e7146023cb4fc2767cbe75bd72ca51d2bb831d5ecb1c9e0104a
SSDEEP

6144:/Bz+lXZtn35VWFiGP8XJD/HobegCAStpL+kmNw0Fq2ecTY668wC1:/sZt35Vy85jubwt5Ln0D3Y4wU

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

2cur

Decoy

bedsireland.com

ant-coupon.com

dreamsconsultoria.com

ufologypublishing.com

zhenghelab.com

3c-passion-for-furniture.com

ristorantegadir.com

sxcigars.com

moss-solutions.com

uc-work.net

narutocoin.net

alettae.com

sheepnotes.com

stylemefrugal.com

equifaxsefurity2017.com

sanvalentinoday.com

islambrain.com

pahladvisors.net

tekno65.com

bets4affiliates.com

Targets

- Target
  
  csbdnquus.exe
- Size
  
  760KB
- MD5
  
  c431847b601038a906219f4429c30bf4
- SHA1
  
  2e31eb56b0bc1c655c8d86347398276067f0b15e
- SHA256
  
  f51db63fe8be8e59e25e8363e5930309e9a9148925e583da18ea7e31bc9b0a96
- SHA512
  
  84c19678c4be4a48c6759a396d93783143972ae0616ab23e6a9bb453c7ecd3c50d7fe0d3e1293e7146023cb4fc2767cbe75bd72ca51d2bb831d5ecb1c9e0104a
- SSDEEP
  
  6144:/Bz+lXZtn35VWFiGP8XJD/HobegCAStpL+kmNw0Fq2ecTY668wC1:/sZt35Vy85jubwt5Ln0D3Y4wU
Score

10^/10

formbook 2cur discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2