formbook | 4562af450cbc44c9ddf59509c802f83abcc2dc66a2eccc0b734ea7ceded60522 | Triage

Sharing

General

Target

tmp
Size

1.1MB
Sample

220909-nyaslsbhbr
MD5

911b41caf07e1358460415fe7ddc9ba5
SHA1

2a2e2120055b91824166b4cbecb86b25cab7a6f1
SHA256

4562af450cbc44c9ddf59509c802f83abcc2dc66a2eccc0b734ea7ceded60522
SHA512

92f5410901ce62f81bd2d1e0e86cd3492b05fcf415a271e9784994239296b3001e1a53b5ff176d1c3cc09fa42ae1e0c379cada397c74d7e232590e048938b80d
SSDEEP

12288:imIFTT41hw4e/ehLrz9+maNmNR734hodpBXk8jB6rSDdrCsv6ySk1hw4e/:lIF/L4LJwNmNYqpBXXQCOsvu4

Score

10^/10

formbook nytc rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

nytc

Decoy

xxa3lYw6m81Pd//kzzAdG4U=

YXZAfGEJkwXABM5TR/E=

hUbaOQOt0DYguI9XS8pwJrEZWmU=

A/ygqm4Kfa0kUcnqnsJDp+zEWGM=

RORz56hFPHnrLO2iW0+9

iqg4UizXgbNRcvmiW0+9

VRTafWQvdNtipVkn5VtZyrF/+rnbCQ==

gQueRkb7G4Z/Jvu3qBQZNo8=

ePKbHxG8f76FOQesODERPA==

fHESMDnjE3MqK+7b

0k/peV8LzCGeqzU7ODERPA==

cTQPl24ePactS+KiW0+9

pjTaSRTKnctzqirmZx/oa3X0tg==

aAWYMRriqLzAA85TR/E=

tDgT5cRmmQqRpFrkpR+4

drFaFOGXywjGUxzL9wm++AOs

Okbd//qcDXIbai4QB7WKaH+p6bEPPfgV

ae/IhkTwKWcXT9mY6A+++AOs

eEbmHeuHEHk4xoclVxQZNo8=

C2I8W0/9c+jsDk/CmEn8Ng==

Targets

- Target
  
  tmp
- Size
  
  1.1MB
- MD5
  
  911b41caf07e1358460415fe7ddc9ba5
- SHA1
  
  2a2e2120055b91824166b4cbecb86b25cab7a6f1
- SHA256
  
  4562af450cbc44c9ddf59509c802f83abcc2dc66a2eccc0b734ea7ceded60522
- SHA512
  
  92f5410901ce62f81bd2d1e0e86cd3492b05fcf415a271e9784994239296b3001e1a53b5ff176d1c3cc09fa42ae1e0c379cada397c74d7e232590e048938b80d
- SSDEEP
  
  12288:imIFTT41hw4e/ehLrz9+maNmNR734hodpBXk8jB6rSDdrCsv6ySk1hw4e/:lIF/L4LJwNmNYqpBXXQCOsvu4
Score

10^/10

formbook nytc rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooknytcratspywarestealertrojan

behavioral2

formbooknytcratspywarestealertrojan