formbook

General

Target

PO 2000057560.exe
Size

1.1MB
Sample

220920-mpdmgacgd9
MD5

29a50ff6397fe78b930c764195a1d9cb
SHA1

fdb262c5660dac2a6b30e8a488a05eec6b622151
SHA256

02f864baf71847c5832c94f396bb14ba3fd5c1b7d96936427c358f37a6cfa105
SHA512

d38c8319eb8dbe49479c4352365a066880b2b40f29a527dcf852b7d8117dc6ee1c35bdfd7830de342242154a4f8baa2ede414b5946aaaf70b43d37476750988d
SSDEEP

24576:iAOcZXp0P1xtOcW1JhC1MIDV2riu7w84UopeOH+2UNUquptQZNR:oL1jk+V2rtUUbJZupA

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

oy10

Decoy

wzwanju.com

vaultnutrition.info

propane-gallon.site

balkanmetin2.com

costa-del-sol.email

kayodeokikiolu.com

singlesshirts.com

nearestfoods.com

trenddetail.com

yihaimaidan.net

dfdr3r.site

tuitionmatters.co.uk

benglas.online

coloraja.xyz

tianzicheng.com

lamkt.com

dileca.com

6698856.com

vishi.store

ablehair.com

Targets

- Target
  
  PO 2000057560.exe
- Size
  
  1.1MB
- MD5
  
  29a50ff6397fe78b930c764195a1d9cb
- SHA1
  
  fdb262c5660dac2a6b30e8a488a05eec6b622151
- SHA256
  
  02f864baf71847c5832c94f396bb14ba3fd5c1b7d96936427c358f37a6cfa105
- SHA512
  
  d38c8319eb8dbe49479c4352365a066880b2b40f29a527dcf852b7d8117dc6ee1c35bdfd7830de342242154a4f8baa2ede414b5946aaaf70b43d37476750988d
- SSDEEP
  
  24576:iAOcZXp0P1xtOcW1JhC1MIDV2riu7w84UopeOH+2UNUquptQZNR:oL1jk+V2rtUUbJZupA
Score

10^/10

formbook oy10 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2