formbook

General

Target

ec2e6c3cf40408c34f2635d1f8faea3c
Size

1.5MB
Sample

220922-2da5jacea5
MD5

ec2e6c3cf40408c34f2635d1f8faea3c
SHA1

b58c28e96fa8a37f6fa5ad02b30eb9e04b4a6db4
SHA256

e329726b4c86a6ae54a94a3a6faa20bfc37ecc34d4d22d0551144039c33fc908
SHA512

12b54906ce59aca50c25ca8095cb8639455e0f667e53adf08faf24890e10922929d082c013da20c28659ebc333708ae8e6e1bb3f4276c70d5e5864ac7b579db4
SSDEEP

24576:fPO/ggCd4AiKHxMERBvBTKfgr3FSGc2fF6vJd99q4aTborl:74fQZRTbt+Jd99wQ

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

ruwn

Decoy

MvG74HO0R0fdGfJ1BiyHgNcexfpDQlwZCA==

Dat+rkV462igk2LufHo/NSE=

3LZ+y3jZXQ==

lllq2KJ2gwVcW/QxzS+QJlYg/g==

IPYDRekc+4ny6A==

Hr2SxM0quEmQk0bKaqw9tAcW5kMF

HMTIBAtJcQ9dXRqbctU5RZ9LIpEBbQ==

cisnZn2OqJ1k0uZtPoNh

YDxFc1uGlKqtZbzEkOrtlinS6Q==

6YsTAbSR5IKsa3kAne1gFns9

849SZE7FafcEciNlOa3y3w==

dD9IgmqPmSBH+2ujSno/NSE=

oTnMzZlugA5mXPdG2xFa/iEtS2QL

FN/mUyVE6ud9z+JtPoNh

Cvcia+2HQaBy

dQfS3I9otsZTRnAqmw==

8sOHdCb+Coa/q2KySno/NSE=

EqcwLimUNlHX7XIJpPw=

4o6PAABl7uuAv5hHHpg0800k

hyQlbm+mh+3vqxn8

Targets

- Target
  
  SKM_7582208221629057799086.scr
- Size
  
  771KB
- MD5
  
  1530c8a45172082c622237c486b96af6
- SHA1
  
  8fb29c78b30cfc2c0028cbc383d1b878dc9d941f
- SHA256
  
  d23e2f7b264aa4d686c9cbf15ab0abb86a65b446fa9ea46d6b249cbf11e72a4d
- SHA512
  
  56c384f39091876cdeb362f34bc818ce1436288a9a815d67c6a8f0177754d17f4d40dcf01157470bfec637eb92d5c4ca5fd4bd037cfda130d1c8183cd7124f55
- SSDEEP
  
  12288:vMrZeD2hOCvj6edY622KrH4998R7ibY6i+oyMBrKFN:vy3hOKRdYJ2uqRQrKH
Score

10^/10

formbook ruwn rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  WWTAN_FA518CD7DC3D4A66B4D7F73B3849E196.scr
- Size
  
  771KB
- MD5
  
  1530c8a45172082c622237c486b96af6
- SHA1
  
  8fb29c78b30cfc2c0028cbc383d1b878dc9d941f
- SHA256
  
  d23e2f7b264aa4d686c9cbf15ab0abb86a65b446fa9ea46d6b249cbf11e72a4d
- SHA512
  
  56c384f39091876cdeb362f34bc818ce1436288a9a815d67c6a8f0177754d17f4d40dcf01157470bfec637eb92d5c4ca5fd4bd037cfda130d1c8183cd7124f55
- SSDEEP
  
  12288:vMrZeD2hOCvj6edY622KrH4998R7ibY6i+oyMBrKFN:vy3hOKRdYJ2uqRQrKH
Score

10^/10

formbook ruwn rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

Formbook

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4