formbook

General

Target

DHL SHIPPING DOCS MAWB 607-33268616 HAWB FRA-27756732 ADSB PO 202422070.exe
Size

1.2MB
Sample

240919-pncpwsyarc
MD5

9c3fbbedcc5f9f68c4b1a4d8b63d569f
SHA1

b5e1020fc531bbb3bd330866b4498344397ec8f2
SHA256

729b60f2006a096d775e891d0f083927f301cccd8fd5fcd1726c4c65f3cabd44
SHA512

aaf7e60caacefe5087e3b3f16e92253c9f003e4eb0a06a1226d96baf010c7a1e77b985ba6e5754fe497314cf910cdac56175d8b07e8ec7136d7207c490070325
SSDEEP

24576:lCdxte/80jYLT3U1jfsWaTXcFNCGvDpbJ/Sg+OhhLuMCQ:sw80cTsjkWaTXcyGxJJ+ObLH

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

k94g

Decoy

nstandgoz.xyz

dhd-treatment-37310.bond

13s-braces-us-ze.fun

umdona.shop

96ph803ql.bond

kka9max.net

corporate-10.xyz

edicalassistance869840.online

lobalresources-bh.xyz

3145978.xyz

ovdaawebsite.online

etting-thailand.net

icloud.xyz

poxk.shop

25ks-ls72510.cyou

women.info

iwyrfbfvhv9.asia

luratu.xyz

ffordable-power-charger.today

edanuryilmaz.xyz

Targets

- Target
  
  DHL SHIPPING DOCS MAWB 607-33268616 HAWB FRA-27756732 ADSB PO 202422070.exe
- Size
  
  1.2MB
- MD5
  
  9c3fbbedcc5f9f68c4b1a4d8b63d569f
- SHA1
  
  b5e1020fc531bbb3bd330866b4498344397ec8f2
- SHA256
  
  729b60f2006a096d775e891d0f083927f301cccd8fd5fcd1726c4c65f3cabd44
- SHA512
  
  aaf7e60caacefe5087e3b3f16e92253c9f003e4eb0a06a1226d96baf010c7a1e77b985ba6e5754fe497314cf910cdac56175d8b07e8ec7136d7207c490070325
- SSDEEP
  
  24576:lCdxte/80jYLT3U1jfsWaTXcFNCGvDpbJ/Sg+OhhLuMCQ:sw80cTsjkWaTXcyGxJJ+ObLH
Score

10^/10

formbook k94g discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

System Network Configuration Discovery

1

T1016

Internet Connection Discovery

1

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Drops startup file

Executes dropped EXE

Loads dropped DLL

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2