formbook | 9bf49205da5bd4ccef550149721a76c84b6e1bda27bc2e93f59842802ba22ace | Triage

Sharing

General

Target

PO-11059021022021.r11.rar
Size

596KB
Sample

220923-lhl5lahgej
MD5

7e534d76e54b464ad7a1c2b5174c5e21
SHA1

49e8f2fdd718517bce0f592afe1a2f3002c2a19b
SHA256

9bf49205da5bd4ccef550149721a76c84b6e1bda27bc2e93f59842802ba22ace
SHA512

a0d47b820b7f0f527d20130e5ccae839e6f5970157e2cf86982910744705da3b5d54516d8b0c8c2a67ada5250a0c69901ad739413fb0a46138245c27de44b65f
SSDEEP

12288:mYboVzHTYieU7oDlw+S37uT35R8Ja8jr7EFYUEmQsrx6mMEA0JW/mq:m86ciV7oDllS37OOhmv16nEA0Vq

Score

10^/10

formbook bwe0 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

bwe0

Decoy

GA8abA96SLI=

RjM/QAsrNyRPlNEjahNMdKXlPtbXpQ==

rOQ4ySihIKVFhRnhZxfZ

iSnyAlGXQBSBwz1C

SYfcQ54ijGWAuQq1UQTE

XRcVgsQIO8FVnvCOiHLvE3k=

K2XLULRJuod6I3dO

S4oH5i5i3+expw==

4hZdto3RgCY9esve1k7T5x9YPw==

fkpgXDuEv2NzvxCcq2AxMnE=

13czFGvtsco1gf8=

ub4KhXCsZ/qnnvYTijN3dA==

WD5IRIcJB51Hfs8grBnldA==

YqxA1LPudXGKyP1FlQ==

MZHXMBdZ8Mf2X3ZjSVY=

7mLLNhchknqdLVbz+6ci4VeD

66OK6kmRv8N6I3dO

+97y8jK5vTnIn8crIwyHnRxv03Kp

PC1PqPJ6573fH0aUnGAxMnE=

3BFlt4nJcA3Inb3TGO02bq++XzWRMVg=

Targets

- Target
  
  PO-11059021022021.exe
- Size
  
  663KB
- MD5
  
  f79dd4569875b93a8d76514917da8ed6
- SHA1
  
  3cf17a7501bf43730c845efbb43bcf1135690fc4
- SHA256
  
  b0a89f3465bf92183fd7cb61177ea2f13eb9ff3381ac06f4b14c642742982405
- SHA512
  
  736f662b306040745bc992207cbf63a4ee0c0f0af65bf95d120ed2644ead9ceb9a965ad9329da01794ca4b8fd55b1f50f544ded39461ddaf22ee46c9bded013b
- SSDEEP
  
  12288:Y3iRW/RKn40HiVwnXRxsfCQ/UIAObPDckWW9s5+oXUcC:+SHiKXuL//bPDckxs5TUc
Score

10^/10

formbook bwe0 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookbwe0ratspywarestealertrojan

behavioral2

formbookbwe0ratspywarestealertrojan