formbook

General

Target

531e29b34f525987ef3210689b417ea3c1a0b4f5c8bcf180ef00148a3e6d0b1f.exe
Size

38KB
Sample

240702-br5yys1ere
MD5

246238533bb596d52737946aaf4b4d37
SHA1

8c350aff45dbb05c1d61eb885a13b591544b70fa
SHA256

531e29b34f525987ef3210689b417ea3c1a0b4f5c8bcf180ef00148a3e6d0b1f
SHA512

8e5a0bd7a5dce0bf1927ade856aec94f2cb6ee611a832f8178fa7ede5199614b137cb8a5cb001b5d34afd9a8a0628967e68d3759e4b323ea887c59f2b8dda98e
SSDEEP

384:fsNjci832cy7jQNDy1SXNh2xEPICOVvHX9RL7D6p05iVXXXtXXXXXXtX41hoJOuy:vHwL7D6Shho16G+SIp1b5tPeWTU

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

45er

Decoy

depotpulsa.com

k2bilbao.online

bb4uoficial.com

rwc666.club

us-pservice.cyou

tricegottreats.com

zsystems.pro

qudouyin6.com

sfumaturedamore.net

pcetyy.icu

notbokin.online

beqprod.tech

flipbuilding.com

errormitigationzoo.com

zj5u603.xyz

jezzatravel.com

zmdniavysyi.shop

quinnsteele.com

522334.com

outdoorshopping.net

Targets

- Target
  
  531e29b34f525987ef3210689b417ea3c1a0b4f5c8bcf180ef00148a3e6d0b1f.exe
- Size
  
  38KB
- MD5
  
  246238533bb596d52737946aaf4b4d37
- SHA1
  
  8c350aff45dbb05c1d61eb885a13b591544b70fa
- SHA256
  
  531e29b34f525987ef3210689b417ea3c1a0b4f5c8bcf180ef00148a3e6d0b1f
- SHA512
  
  8e5a0bd7a5dce0bf1927ade856aec94f2cb6ee611a832f8178fa7ede5199614b137cb8a5cb001b5d34afd9a8a0628967e68d3759e4b323ea887c59f2b8dda98e
- SSDEEP
  
  384:fsNjci832cy7jQNDy1SXNh2xEPICOVvHX9RL7D6p05iVXXXtXXXXXXtX41hoJOuy:vHwL7D6Shho16G+SIp1b5tPeWTU
Score

10^/10

agilenet formbook 45er execution rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Drops startup file
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Drops startup file

Obfuscated with Agile.Net obfuscator

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2