formbook

General

Target

03122024_1032_02122024_doc_2024120289986556.img
Size

1.5MB
Sample

241203-mla26s1ngx
MD5

5a37d454b4034edc069d3033152f297c
SHA1

52670cb50a75544392eb2747f532b15082a09f2d
SHA256

c5cd34b02edf4237ffc0f3cf349c323dbb4c4e86c4ae3995595960ec66fc44f3
SHA512

b4bc3230840d4d5f4790d344c832bbb7bccd35122014af09033153c0e603863fa52ba49a6984b77f66e8840da53163de885222f883b0d0fd4939f2dd225a173c
SSDEEP

24576:GvCFfkjQtYixBYTpTZONDejqaBjiMD95Q7:5FfkgtUTpSej9iMD9

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g92s

Decoy

lobalnews.skin

arehouse-inventory-89734.bond

isknews.online

reatfragrancecollection.net

ushaogang4.fun

agorajaku4d.pro

18p10.vip

yperionfocus.store

leva.cat

io-rduga1-ben.xyz

iscovermore.online

ootsprojectbali.camera

etzsrv.xyz

utureaiquantification.xyz

rooksexcavation.cam

5vintage.shop

lackfridayangebot.online

djmoqvxz.cyou

dams-care.online

ood-20241020-763.today

Targets

- Target
  
  doc_2024120289986556.exe
- Size
  
  991KB
- MD5
  
  b57d94df7f67bd053f7f73c98d64d4d0
- SHA1
  
  971bad50b10b4a7e275543bf68e48e367309a1ed
- SHA256
  
  449a3b5d6001e64b6b1a86e4c0fb7bac53d2679947f26948264554e4cb7a4372
- SHA512
  
  67fc5ab3e433e4ebff85470b1b378fbd94aec716b08b557474d6745d090212f13f1e95d527a4135ee4ee424b7889e7bc94b9cd287ae25a7c903ae03774fb5832
- SSDEEP
  
  24576:2vCFfkjQtYixBYTpTZONDejqaBjiMD95Q7F:pFfkgtUTpSej9iMD9Q
Score

10^/10

formbook guloader g92s discovery downloader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Formbook payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  0ff2d70cfdc8095ea99ca2dabbec3cd7
- SHA1
  
  10c51496d37cecd0e8a503a5a9bb2329d9b38116
- SHA256
  
  982c5fb7ada7d8c9bc3e419d1c35da6f05bc5dd845940c179af3a33d00a36a8b
- SHA512
  
  cb5fc0b3194f469b833c2c9abf493fcec5251e8609881b7f5e095b9bd09ed468168e95dda0ba415a7d8d6b7f0dee735467c0ed8e52b223eb5359986891ba6e2e
- SSDEEP
  
  192:eK24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlASl:u8QIl975eXqlWBrz7YLOlA
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Edulcorate/sprtter.com
- Size
  
  317KB
- MD5
  
  2065053f8690386adb8cd35f9064c64c
- SHA1
  
  ec62b55f8178b86c350e7b47490046f9b2fb1574
- SHA256
  
  b74077f003fe05f1147d8c96a7deffe44c07cbcfc4f35cf9f97eec69f3e1d389
- SHA512
  
  91e667b943e8e7cab1bb0441bf27170c1cea30253f2c3ea63c9ee305d262df3a7eb1ec1c115852995e6c6a6e01b3dec7b57a3418086471739a71639a7d5a0345
- SSDEEP
  
  1536:ZlQllV6CDA7MPbmnsU16bMeUyDSKeVN/ABuS:SbwMzmYT1e4d
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Guloader family

Guloader,Cloudeye

Formbook payload

Deletes itself

Loads dropped DLL

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6