formbook | 5b0bae068b7cfad0ecf1ff6dace393fffb20143b981c68effec661c0117cba5f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Win32.PWSX-gen.7343.exe
Size

799KB
Sample

220922-fsjvbsaaf8
MD5

8c79afded9a086eee3362194e95887a8
SHA1

2f53b1e099edb768f937155cac9d0f00042f8c84
SHA256

5b0bae068b7cfad0ecf1ff6dace393fffb20143b981c68effec661c0117cba5f
SHA512

054697742f6ab15474e90c1fe847268807764fc3d77d88db9e93d08cdde71d02aa2b611db0d2998ef88d566687c3acce086d1c0cd9145c2e3968299221e6d72a
SSDEEP

12288:6wEdMDC0iJPkVe7M/mnO+sRvKNCp7w+kyJksQmhOD6sjub:3C0ilYe7MenO+sRvKcydsQeOD6a

Score

10^/10

formbook tbgn rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

tbgn

Decoy

72uabkWDao+ISa9+tnvd8g==

iHmPX6PZRe2+KUpH8bvyQ68=

DDZrOvw0IT/2cK9sgmSn5Q==

c9nixBxRvLxNBkHR/Q==

Ms/6ydhGJCsp8F8rmWeBMbg=

9vwtEc/074RPygwVx3vJk1Sj6nRnFQ==

3Xy/qN8agnyJQpliwmSqtMLvdQ==

4YelbYl+4fT6sSYguZ3Lhh+rSJQ=

3HSghdAThh2rZPMKqkifKesnqu9orLE=

zwA5DmqaB+VyYuw=

JcUFx6bdrcZbFjWu4rL4

IL7z2C5vtEdYBx/NAYE=

H4+ggrrmXwTFTain36T5

IBEn7UyPK8eER+id9w==

j7LfxdFDOWJlInsaWRhTRMXjLpByHw==

gBsrBXWAXWg9MqYDIug0G+l2k9gQ

432wiJgA7Ox7OsNDexmDtMLvdQ==

fJzoyChf4PQCtyIny2K6jQsBLpByHw==

gLTzwFJTKj3Pds0HC83YDd4h

EKPToXy2sdR1J4bau1KqkwsBLpByHw==

Targets

- Target
  
  SecuriteInfo.com.Win32.PWSX-gen.7343.exe
- Size
  
  799KB
- MD5
  
  8c79afded9a086eee3362194e95887a8
- SHA1
  
  2f53b1e099edb768f937155cac9d0f00042f8c84
- SHA256
  
  5b0bae068b7cfad0ecf1ff6dace393fffb20143b981c68effec661c0117cba5f
- SHA512
  
  054697742f6ab15474e90c1fe847268807764fc3d77d88db9e93d08cdde71d02aa2b611db0d2998ef88d566687c3acce086d1c0cd9145c2e3968299221e6d72a
- SSDEEP
  
  12288:6wEdMDC0iJPkVe7M/mnO+sRvKNCp7w+kyJksQmhOD6sjub:3C0ilYe7MenO+sRvKcydsQeOD6a
Score

10^/10

formbook tbgn rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooktbgnratspywarestealertrojan

behavioral2

formbooktbgnratspywarestealertrojan