formbook

General

Target

4d3cbcc07b14432bf98436ae31df7024dee670f6469f3aa5d0ebb0264d9900ad
Size

239KB
Sample

240826-1qmtesxcrd
MD5

54d01c526680d703fde81ea4e88d2265
SHA1

fb0d0120fdff3292ae5a2563eb4a78b4a8a4e506
SHA256

4d3cbcc07b14432bf98436ae31df7024dee670f6469f3aa5d0ebb0264d9900ad
SHA512

b0235cc19723a9e938d758109c3036e955034d0ae0385d7f50985e3437cf2049530f0e1cf05c464ffefffd3c1028cbf098a42a4c464003faa88e8197dd6c5bfb
SSDEEP

6144:cQqTsIO8SqRKElZ5E+CWP9RX7kdo2e8PaOmkYbgssVrht:ysrECu9lkdoMCbq

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

hdno

Decoy

tasteofsteak.com

lovedemingamerica.com

arizonaad.com

allbeautystation.com

theskinnybody.net

mywashbuddy.com

newspeak.watch

groomgarden.com

recommendproperty.com

pingshanhai.com

tianzeelectric.com

5335466.com

derbyescorts.com

quincyfreemannovels.com

ppeexchangeus.com

thesandcapital.com

natura.frl

twobonus.net

irx1.com

333lucky.net

Targets

- Target
  
  4d3cbcc07b14432bf98436ae31df7024dee670f6469f3aa5d0ebb0264d9900ad
- Size
  
  239KB
- MD5
  
  54d01c526680d703fde81ea4e88d2265
- SHA1
  
  fb0d0120fdff3292ae5a2563eb4a78b4a8a4e506
- SHA256
  
  4d3cbcc07b14432bf98436ae31df7024dee670f6469f3aa5d0ebb0264d9900ad
- SHA512
  
  b0235cc19723a9e938d758109c3036e955034d0ae0385d7f50985e3437cf2049530f0e1cf05c464ffefffd3c1028cbf098a42a4c464003faa88e8197dd6c5bfb
- SSDEEP
  
  6144:cQqTsIO8SqRKElZ5E+CWP9RX7kdo2e8PaOmkYbgssVrht:ysrECu9lkdoMCbq
Score

10^/10

formbook hdno discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fccff8cb7a1067e23fd2e2b63971a8e1
- SHA1
  
  30e2a9e137c1223a78a0f7b0bf96a1c361976d91
- SHA256
  
  6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
- SHA512
  
  f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
- SSDEEP
  
  192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4