formbook

General

Target

OFERTA_5420220000000000000000000000000000000.exe
Size

713KB
Sample

220929-mebecsadg8
MD5

cd37d60e8e4e73bf7cc73737da77bd66
SHA1

5241609a9066cf44f9fec214d4b1048007e4fb39
SHA256

564b0058f3279d208079cc2369077a4358432acfcc9236247b3ae7517928b342
SHA512

e241a492e8a76eec49365996fab506257979d91b81b89dae78336403c418f72bb44c442519b0875f1a5b954bdc0acbd95d3bf854f53c582e95506ef95793bfdc
SSDEEP

12288:8ToPWBv/cpGrU3yH7mp7O0aJLpNBB/Dhw9Z7ho:8TbBv5rUsmp7jSLbBB/Dhw9Z7ho

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

f4ca

Decoy

QYZ6iE9Y+CsiZpCBareS0uU=

N2FQLAaH6xXE

Vc6t0MQXN+Llxsqg

ElBedmSvYGGm6yLDhHqzAtmlCxWl

4VpIWShqHR5cpjfQ4bs=

mepO9miu/iFiQQ==

Z8Owqh54IlwEpDfQ4bs=

qcq4uT5HecWZG3EVwKTiUE7slrGQGiyo

IaYYoJikKDDqgV/NigZCLA==

4Xz5pfoCCW/76NnOUrFEOw==

xiijSkVJ3Yuh9OKDcmui/d2lCxWl

cr8MmfpCEu0ULsO3p6w=

JLm2yKHo7hdVb8O3p6w=

Hriy5svWm2Qfq9mPQib9jJI65gOr

2G3nkRpidunlxsqg

gPHUAeXmi8Q9ARy3

6l5WaOf8BxhQDkp5gKQ=

KHHiXs4WOqXZdPhpaw==

+UQ5Vz5O0Ms9ARy3

pNQygKu0OziAvjOHRGLnJA==

Targets

- Target
  
  OFERTA_5420220000000000000000000000000000000.exe
- Size
  
  713KB
- MD5
  
  cd37d60e8e4e73bf7cc73737da77bd66
- SHA1
  
  5241609a9066cf44f9fec214d4b1048007e4fb39
- SHA256
  
  564b0058f3279d208079cc2369077a4358432acfcc9236247b3ae7517928b342
- SHA512
  
  e241a492e8a76eec49365996fab506257979d91b81b89dae78336403c418f72bb44c442519b0875f1a5b954bdc0acbd95d3bf854f53c582e95506ef95793bfdc
- SSDEEP
  
  12288:8ToPWBv/cpGrU3yH7mp7O0aJLpNBB/Dhw9Z7ho:8TbBv5rUsmp7jSLbBB/Dhw9Z7ho
Score

10^/10

formbook f4ca rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2