formbook | e2328874b4deb0accd85b76ba1a5f7734dc7e70ff17f4722bf9158d54a0aab96 | Triage

Sharing

General

Target

e2328874b4deb0accd85b76ba1a5f7734dc7e70ff17f4722bf9158d54a0aab96
Size

747KB
Sample

220414-pv6xbacae8
MD5

86882908b1bf788112a2da6bfde08a7c
SHA1

995c4ab5a4bab535066635f287f87799691f4ff8
SHA256

e2328874b4deb0accd85b76ba1a5f7734dc7e70ff17f4722bf9158d54a0aab96
SHA512

88af00ef5a33ef12208ea42e51b1892f127bb755b3032beef8bc3d281685d9fb82721cc85bce672740773dca38c2f55a816175effa45a86bec69e20b48783321

Score

10^/10

formbook metastealer fs8 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fs8

Decoy

deanpalm.net

dinu-living.com

setsomegoals.com

craftyfresh.email

cleantons.com

szysjfjx.com

shestakova.info

70skinstore.com

ampletrade.ltd

cmmcwomen.group

michinoeki-taka.com

auntoni.com

huochegw.com

abovekulture.com

gzjige.com

americastandproudagain.com

hobbyhousekennels.com

1020waterviewdrive.com

5927399.com

gabipareras.net

Targets

- Target
  
  e2328874b4deb0accd85b76ba1a5f7734dc7e70ff17f4722bf9158d54a0aab96
- Size
  
  747KB
- MD5
  
  86882908b1bf788112a2da6bfde08a7c
- SHA1
  
  995c4ab5a4bab535066635f287f87799691f4ff8
- SHA256
  
  e2328874b4deb0accd85b76ba1a5f7734dc7e70ff17f4722bf9158d54a0aab96
- SHA512
  
  88af00ef5a33ef12208ea42e51b1892f127bb755b3032beef8bc3d281685d9fb82721cc85bce672740773dca38c2f55a816175effa45a86bec69e20b48783321
Score

10^/10

formbook fs8 rat spyware stealer trojan metastealer
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Meta Stealer Stealer
  Meta Stealer steals passwords stored in browsers, written in C++.
  stealer metastealer
- Formbook Payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookfs8ratspywarestealertrojan

behavioral2

formbookmetastealerfs8ratspywarestealertrojan