formbook

General

Target

tmp
Size

687KB
Sample

220914-cbgf4acggm
MD5

e4e38d68339daa4e300e18e34d8191b0
SHA1

5ceb0357310bd7ec48f31ebb8fffb304ff0f465a
SHA256

51b2d72cc4067375ab54571626bc15241676d0207a2cd21ff79c0e0060397ac5
SHA512

76b50c9f00aa673d5b5ffee1528a5df07a7c487b676fef7d31e2eaae0a0657d167e104bef45ba0d915bf578642e9c95dc96f98d3491a035df9ff3c1c7d34ed1a
SSDEEP

12288:IDOHTHVVVcyTyRXTQEalyY24v6Q2bRJfUjcgFOwxpAmkjt6kx:Iej1U0VL2u6Q2VJcjOwxC3jt6kx

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

nogs

Decoy

0QX/9DdhLWWLw7Pwzfhf5yU=

4ME/nPMH090p8HPEGx5dVxLO

qKR7eOYftf1zXiEifMYvLmMuJg==

JJSU5dw5YXD0d2s8DX8=

Oswop1ZfvA3184JL

oRINXD2zP3SqX+VhbbWt

EuBl9mCqx1y+OGz4xPhf5yU=

HzQUJOyHZZ8aiproM/hf5yU=

Uz0PDH6iU5rKxfLIKw==

2Rj67a0BR3Xm3ZRhbbWt

caiYqWzga7w/VJeL+2g=

ZsarhfIos/sWa2s8DX8=

S7mv5KwdA0xKms4=

XIJ2cLXbwB1Pj5bgwvhf5yU=

bvZO26EFz88k+qlDE5C7O74qeDs=

S6iEuJr2zx69SpFFWaCn

CuBpAne3DF+cX+JhbbWt

S8EsyZv10glJAms8DX8=

z7UwlfUb//w3/HTBISh0HTI=

sN5pmG1ziZE=

Targets

- Target
  
  tmp
- Size
  
  687KB
- MD5
  
  e4e38d68339daa4e300e18e34d8191b0
- SHA1
  
  5ceb0357310bd7ec48f31ebb8fffb304ff0f465a
- SHA256
  
  51b2d72cc4067375ab54571626bc15241676d0207a2cd21ff79c0e0060397ac5
- SHA512
  
  76b50c9f00aa673d5b5ffee1528a5df07a7c487b676fef7d31e2eaae0a0657d167e104bef45ba0d915bf578642e9c95dc96f98d3491a035df9ff3c1c7d34ed1a
- SSDEEP
  
  12288:IDOHTHVVVcyTyRXTQEalyY24v6Q2bRJfUjcgFOwxpAmkjt6kx:Iej1U0VL2u6Q2VJcjOwxC3jt6kx
Score

10^/10

formbook nogs rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2