formbook

General

Target

ccac04114dca63da18b7f5bbb4b243630c0c0336a1c222dd9b46087dae66dfdf.exe
Size

268KB
Sample

240827-dmzmgszcmh
MD5

073d69b074ae7324ff0b8e49f3d1e5a6
SHA1

f032a64fea6e799b7654ed04a97ab59ef1ef09bd
SHA256

ccac04114dca63da18b7f5bbb4b243630c0c0336a1c222dd9b46087dae66dfdf
SHA512

3ae5e711490bd56ab988f2a9c5832d2c4b4f5bc66d75384a268b1323fb898356d04b13e5a95228194bdc16b833e6e56c2abf554cfc72d703700d0caf90029a70
SSDEEP

6144:zjgwH2tOwzHk+729OhFYMpvxYMO3OKuRBC10MoBu73m:owIOwzHZDheuv+Nx/1OZ

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s1k3

Decoy

magnumairways.com

solesmeasure.com

cryptogoldnugget.com

drescarrentalandtours.com

home0717.com

glolook.com

scriveriuspublishing.com

mysterybox.ltd

outdoorstoic.com

getmyhomeprice2day.com

khalilstylinghair.com

nedataflex.com

li-nao.com

huanansanxiao.com

nvadb.com

histreetadvisory.com

gohomerajapaksas.com

ditocco.net

717913.com

extra-hospitalier.com

Targets

- Target
  
  ccac04114dca63da18b7f5bbb4b243630c0c0336a1c222dd9b46087dae66dfdf.exe
- Size
  
  268KB
- MD5
  
  073d69b074ae7324ff0b8e49f3d1e5a6
- SHA1
  
  f032a64fea6e799b7654ed04a97ab59ef1ef09bd
- SHA256
  
  ccac04114dca63da18b7f5bbb4b243630c0c0336a1c222dd9b46087dae66dfdf
- SHA512
  
  3ae5e711490bd56ab988f2a9c5832d2c4b4f5bc66d75384a268b1323fb898356d04b13e5a95228194bdc16b833e6e56c2abf554cfc72d703700d0caf90029a70
- SSDEEP
  
  6144:zjgwH2tOwzHk+729OhFYMpvxYMO3OKuRBC10MoBu73m:owIOwzHZDheuv+Nx/1OZ
Score

10^/10

formbook s1k3 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  mqfvdjq.exe
- Size
  
  70KB
- MD5
  
  1375d6ebdb70a3099887a5e1ea4c9769
- SHA1
  
  1a2ed11d9428c34de0d60fdb2bb7c735e99d9382
- SHA256
  
  622e49fda8e46b80ebfef2b6d2180a9a425d07525b962e1e4471088431b183c2
- SHA512
  
  08b030d32251cd4879732cae94c86038d6970519c6efbc7356ddeebc000002a704170517e8a567f37b54238bc498756dc459da6323fe33ae7486a55de63f57e8
- SSDEEP
  
  1536:TSfyG8qhxb+q8AyMAtc8jpsWjcdRq6tl7:ayGt+qGhjWYKl
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4