formbook | c8e6840e3aa32b2f68c912e0cd09d6956863418a7bb5cd552dc2fde563d53327 | Triage

Sharing

General

Target

DRAFT.exe
Size

859KB
Sample

220922-ewzvaadefp
MD5

eeef1bb50b50ea56de000b58d5d1af23
SHA1

913f174bbe99536c02b13b814aece6618dd44d88
SHA256

c8e6840e3aa32b2f68c912e0cd09d6956863418a7bb5cd552dc2fde563d53327
SHA512

4845b3e98c4ab85ec65da6219464057bcd6fc3bfa0ae3f460c81c9d5bf93586f118deb433369779a3782deea9a34406830d2a7932e120b54087228ee4bf7f4bd
SSDEEP

12288:32wnbnku/zUCyxjiurvwqFrl/FeYnjSScwGlW0b:3JnTkyy2urJFJ3jJ7g

Score

10^/10

formbook d6iz rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

d6iz

Decoy

FkA/Rc+zw+0paU+GEiQh+g==

u54Xp6nujzFowU4P

EOvDCsjIcMgdORQ=

AuwHDKo90fNowU4P

pgyJWSAeSn6PEafn3w==

3uX1Rw+ed9vrNQ==

jF5ap2Dv9C1PwGrd2Q==

HO748Nunv9ftKA==

Y3nTdCLF3gspa0+HEiQh+g==

sTcJEshxAzXL5wGzPaA=

E/w4u2Vb6henwGrd2Q==

HyiDPgQFmbk/EuMX3D7NrWLX0XU=

E2QDkA/Sapg7+GJV8ULKrGLX0XU=

OSgyD3k1WHd+8vQc48OmEfvTww==

AVwcD5BnNY6o588P2A==

OghAuUYpwNlqf3CtJsAyRL5h

qQbNBg5d+StQ22hVZXWVOK0=

/+bLGhaIK8gdORQ=

2EwZLB/UCA4=

he9L+LfD0TAFfsIA0Q==

Targets

- Target
  
  DRAFT.exe
- Size
  
  859KB
- MD5
  
  eeef1bb50b50ea56de000b58d5d1af23
- SHA1
  
  913f174bbe99536c02b13b814aece6618dd44d88
- SHA256
  
  c8e6840e3aa32b2f68c912e0cd09d6956863418a7bb5cd552dc2fde563d53327
- SHA512
  
  4845b3e98c4ab85ec65da6219464057bcd6fc3bfa0ae3f460c81c9d5bf93586f118deb433369779a3782deea9a34406830d2a7932e120b54087228ee4bf7f4bd
- SSDEEP
  
  12288:32wnbnku/zUCyxjiurvwqFrl/FeYnjSScwGlW0b:3JnTkyy2urJFJ3jJ7g
Score

10^/10

formbook d6iz rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookd6izratspywarestealertrojan

behavioral2