formbook

General

Target

0abbf3b2ab85a653e249c8d9e84cb5d6a254f19f.iso.tar.gz
Size

600KB
Sample

240627-mee3jsyeqj
MD5

3998fe1949dc66a20ab6d152480f291b
SHA1

3afad53f51a8d4775a87a7fa5f9cf7662673ee00
SHA256

c704ff6e66d4cb482ffd311662801623feec535ab93efdc3a722f28ea61781c6
SHA512

87d0666c8137aef1c4a87d2e07cd03937d53dd7c3afa8b0e3f1d6b0a3750eafd0ce209611588e8611cd486688f1d9067fca393ed581fb4e5df3dca436e33ebec
SSDEEP

12288:1WzRSpeJlwoKqarUDZQqiQ8VXgZTbpFbTN/lXLbX:0zRPQlDUVQPNVETlFbTN/lXL7

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ch25

Decoy

alexandermartin.shop

nojku.xyz

vrbroadband.com

ahlinih.autos

lwkyg.com

clinicasantacruz.net

sdsuihe.com

salaryforex.com

educationvibrance.com

d49wy.rest

9vl6q6hi.asia

profabsystem.online

takleforcreators.com

alphaextract.xyz

glam55.com

78032.asia

wsmh66.com

dgcustomerfirst100.shop

13445.xyz

office-27.com

Targets

- Target
  
  Fisses242.bat
- Size
  
  851KB
- MD5
  
  96f5ba27b0197df599f8b3c6a7857649
- SHA1
  
  06d21d98d5ff65532104e073d0cb95444a091cf2
- SHA256
  
  3ad893089224a6d72a8050457a2d0a3053781e1527c869ce68ce11831f0c81e7
- SHA512
  
  36803717cc7546210e63ac78705faa6966370278729d34fb33a1dab171599b6c16b41735697919cfe3aa3c84aa8a19f3139866c53cfe165cf195d39d31a64d8d
- SSDEEP
  
  12288:XcIjd3nQIQsk3na+QiH64keTjXmCSXaIVrfllStkVymDqos1ySIpkAtiN:XcIjUna3iFTT+awllSyMCqNNMi
Score

10^/10

formbook ch25 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Loads dropped DLL

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2