formbook | 7d7ddc78a2b3b293d02ec1038c1583cbfd86085d3ab443b34c8d6e09c4993ed1 | Triage

Sharing

General

Target

yeni sipariş pdf.exe
Size

820KB
Sample

220223-n8lmvsaaa3
MD5

00b429a954694c1e25e2bcd437a1b6d7
SHA1

0d48fdb46206ed4693d3d72d588beb46af7c492a
SHA256

7d7ddc78a2b3b293d02ec1038c1583cbfd86085d3ab443b34c8d6e09c4993ed1
SHA512

d4e2fe93bdfd83a8d4b5ac5eee9510d03dd33b4975c8c612295eca01a6a3ba1a3da4c6745ca53fb62908dbc7e27ce86b1b29d5575d76791f1da057f41895e23c

Score

10^/10

formbook g2m3 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g2m3

Decoy

stocktonfingerprinting.com

metaaiqr.com

junicy.com

libertymutualgrou.com

jklhs7gl.xyz

alex-covalcova.space

socialfiguild.com

drnicholasreid.com

androidappprogrammierie.com

relatingtohumans.com

jitsystems.com

gbwpmz.com

lesaventuresdecocomango.com

wu8ggqdv077p.xyz

autnvg.com

wghakt016.xyz

lagosian.store

hilldoor.com

oculos-ajustavel-br.xyz

nameniboothac.com

Targets

- Target
  
  yeni sipariş pdf.exe
- Size
  
  820KB
- MD5
  
  00b429a954694c1e25e2bcd437a1b6d7
- SHA1
  
  0d48fdb46206ed4693d3d72d588beb46af7c492a
- SHA256
  
  7d7ddc78a2b3b293d02ec1038c1583cbfd86085d3ab443b34c8d6e09c4993ed1
- SHA512
  
  d4e2fe93bdfd83a8d4b5ac5eee9510d03dd33b4975c8c612295eca01a6a3ba1a3da4c6745ca53fb62908dbc7e27ce86b1b29d5575d76791f1da057f41895e23c
Score

10^/10

formbook g2m3 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookg2m3ratspywarestealertrojan

behavioral2

formbookg2m3ratspywarestealertrojan