formbook

General

Target

78a84bac46aef38e745ddf44119e2d8207e35a1600eb35a9b22c4cc69c8c3e6c
Size

191KB
Sample

240830-2g3nyszhmm
MD5

e85053ffaa590f0e855f0aa950cb0cb0
SHA1

209ebc62f2763d8ddf5c1b91a954c1f6348c61c3
SHA256

78a84bac46aef38e745ddf44119e2d8207e35a1600eb35a9b22c4cc69c8c3e6c
SHA512

62cee7d8b69318b657fe4e34c35efd0faa12fc0541ea5ac9dbcbc675ee942e97aab601bd02c1e7878c19088d53f2db8bf57da067fac5f7b24d6c3c4364fcde31
SSDEEP

3072:ROq7OTZlvV3eToNNAoLfSqEyR/wgK/J6hLgqvjjuQtP0ne9lxG+cr58h4:pOTfd31XAykyR4gKR6FvXJP0n8rNh4

Score

10^/10

formbook pe discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

3.6

Campaign

pe

Decoy

ilikeshoping.com

websitetestingservices.com

tantradesoie.com

narcissistory.com

fapgame.net

iryrv.info

contextre.com

mosala24.com

alienpokeragent.com

lqjwq.com

musica.solar

tipsatransporte.com

kawanparjo.com

onsideadvisers.com

rpwfj.com

9ldhh.info

dancewithsalsadivina.com

resurfjeans.online

smoke-cicle.com

battery365.net

Targets

- Target
  
  299dd5c3192a96d29e2eacb650c5235a4aadc3e7ec921e89940fb77519700d66
- Size
  
  252KB
- MD5
  
  140c67ee8edcfc2c04ea4312e95f80e0
- SHA1
  
  6bed70dbf578dbb8befc44987ad8b5784a5dafb0
- SHA256
  
  299dd5c3192a96d29e2eacb650c5235a4aadc3e7ec921e89940fb77519700d66
- SHA512
  
  0b2c4a2cc7acce08738e30dd4616f4a32fc187042ffb0c9b8412dad56ee702fedc22581149d8eab6cf3e1da9953f698ca8053757a1daebeedd0087b596c27479
- SSDEEP
  
  6144:3lBfxXRVUCFo7xHJ7SmvHRVz4JmDlbiwv:33VUCFotHJ7SwnzHpl
Score

10^/10

formbook pe discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Drops startup file

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2