formbook

General

Target

MT10386867902-004. pdf.exe
Size

1.1MB
Sample

220917-2tx91aeder
MD5

0bdc1fda2cc607187dc341cc25827e5a
SHA1

7248bf8f4d29a9d3c2e70c1b987b6464713e5f39
SHA256

33b4616c77120e6805e6291a245901aaf59a3ff29ab585684aa9ff4261b88425
SHA512

7b9bc1f282cbafa54a5421d67b96b682510f081ed94d94328453b5fa37f532f3a71d17ac12979bfce55faa2b23b2857745c7b4599f8ffd47a167e6e660240899
SSDEEP

24576:sONzSIoHIbBEAX+b0cM9/+TY0kNUYuy1aCb:sYzSI+IdEBb/MgTY0kNIy1/b

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

tdet

Decoy

flecOADaqXPdGREyc2S5U7in

KVyI9ev7H+7QNmD2Ypo=

/dS+buXK9NuzGmk+HDCRUfazFQ==

IHpkgl+nN4I0gAnczMbM7asQ708Cbt0=

UkVGwHvEpCcYba0OBA==

VTsq0ruLmB+azL+lXZkZRw==

5qToiFYvMKMD8W5dGQ==

S4rU9cAx619SvJr10kpU4XCfj6w=

9ymGAMljBH9nres8Ew==

BZeWfy6ACwx4uKkD66doyXuv

prCtFMOp06JaczompuX6D8VIKExtMFEs

dePiDR+zZNPBHPeGJAWv

OAR/oEfQWJ5S4N83XZkZRw==

t3LunnRUcdmGtd0rDg==

YAg6s7KVxrMcXPB/fJQLQQ==

t9oRP+fGiZ5WqdhnAg==

6nyt4oS6VLCeC907L8blYIuxEw==

rzQ6JM4sjRjA+TBcNpQ=

VILmlp6qylo/bMw=

bGqKNd1c+/9ptjYJ6adoyXuv

Targets

- Target
  
  MT10386867902-004. pdf.exe
- Size
  
  1.1MB
- MD5
  
  0bdc1fda2cc607187dc341cc25827e5a
- SHA1
  
  7248bf8f4d29a9d3c2e70c1b987b6464713e5f39
- SHA256
  
  33b4616c77120e6805e6291a245901aaf59a3ff29ab585684aa9ff4261b88425
- SHA512
  
  7b9bc1f282cbafa54a5421d67b96b682510f081ed94d94328453b5fa37f532f3a71d17ac12979bfce55faa2b23b2857745c7b4599f8ffd47a167e6e660240899
- SSDEEP
  
  24576:sONzSIoHIbBEAX+b0cM9/+TY0kNUYuy1aCb:sYzSI+IdEBb/MgTY0kNIy1/b
Score

10^/10

formbook tdet rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2