formbook

General

Target

0c39e0b72a86f6f3b7ce6518ac63d600N.exe
Size

1.1MB
Sample

240906-dtnhssterd
MD5

0c39e0b72a86f6f3b7ce6518ac63d600
SHA1

3b508a4bbed426e6da1eb4bf13cafc1a0638c8cd
SHA256

0a987a6654848f2f63a61c24995f9b930024af52816338bac970dcfa12ab9c0b
SHA512

01e7bf53e848b7b7a6c478f2fde684694efb509b371128dce4d1ba5737302025a289ec1e863dbb63a94db8d08cae8cafd315714847fd6b3e3dabd3d8918c4e1f
SSDEEP

24576:OqDEvCTbMWu7rQYlBQcBiT6rprG8a9Qz7cafsElU:OTvC/MTQYxsWR7a9u74

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dz16

Decoy

gravechill.com

goniu-6520.cyou

qbwlszmf.xyz

computingthecosmos.com

m327841.com

socradex.com

outsidewallornaments.com

emadkasndfg.top

khaleejmed.online

awaz.shop

sunkar.capital

unlimited-merch.com

deboenterprise.net

darma88win.shop

593785.com

flyingcakecompany.com

toyorgga.shop

vyrqjrwh.xyz

window-replacement-26046.bond

marucoin.live

Targets

- Target
  
  0c39e0b72a86f6f3b7ce6518ac63d600N.exe
- Size
  
  1.1MB
- MD5
  
  0c39e0b72a86f6f3b7ce6518ac63d600
- SHA1
  
  3b508a4bbed426e6da1eb4bf13cafc1a0638c8cd
- SHA256
  
  0a987a6654848f2f63a61c24995f9b930024af52816338bac970dcfa12ab9c0b
- SHA512
  
  01e7bf53e848b7b7a6c478f2fde684694efb509b371128dce4d1ba5737302025a289ec1e863dbb63a94db8d08cae8cafd315714847fd6b3e3dabd3d8918c4e1f
- SSDEEP
  
  24576:OqDEvCTbMWu7rQYlBQcBiT6rprG8a9Qz7cafsElU:OTvC/MTQYxsWR7a9u74
Score

10^/10

formbook dz16 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Drops startup file

Executes dropped EXE

Loads dropped DLL

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2