formbook | 764a3d3a0444a7bafb816a39624a5e2ae85c0465f5d13c63dd6fda04a35696de | Triage

Sharing

General

Target

764a3d3a0444a7bafb816a39624a5e2ae85c0465f5d13c63dd6fda04a35696de.exe
Size

865KB
Sample

220929-srbhsabcc7
MD5

6cec68a114c5819a40c4b2d5fcf842da
SHA1

96d986f3ee7b4e8df59868337621d282ece89474
SHA256

764a3d3a0444a7bafb816a39624a5e2ae85c0465f5d13c63dd6fda04a35696de
SHA512

58265c58039a514d7cd888c612a15ea1073ad209cf72627aa20b11f0a53351d42bf6a5a01860da5c22036e38fe17ec5f00d914f29992b9a062d7958556688341
SSDEEP

12288:+UxjsqTpr6h76xNUNpkUmVhzKMJBjUwkBrjXr5dsAjPJc:1pTlr6d6QTkpVJ9TYwoTs

Score

10^/10

formbook tbgn rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

tbgn

Decoy

72uabkWDao+ISa9+tnvd8g==

iHmPX6PZRe2+KUpH8bvyQ68=

DDZrOvw0IT/2cK9sgmSn5Q==

c9nixBxRvLxNBkHR/Q==

Ms/6ydhGJCsp8F8rmWeBMbg=

9vwtEc/074RPygwVx3vJk1Sj6nRnFQ==

3Xy/qN8agnyJQpliwmSqtMLvdQ==

4YelbYl+4fT6sSYguZ3Lhh+rSJQ=

3HSghdAThh2rZPMKqkifKesnqu9orLE=

zwA5DmqaB+VyYuw=

JcUFx6bdrcZbFjWu4rL4

IL7z2C5vtEdYBx/NAYE=

H4+ggrrmXwTFTain36T5

IBEn7UyPK8eER+id9w==

j7LfxdFDOWJlInsaWRhTRMXjLpByHw==

gBsrBXWAXWg9MqYDIug0G+l2k9gQ

432wiJgA7Ox7OsNDexmDtMLvdQ==

fJzoyChf4PQCtyIny2K6jQsBLpByHw==

gLTzwFJTKj3Pds0HC83YDd4h

EKPToXy2sdR1J4bau1KqkwsBLpByHw==

Targets

- Target
  
  764a3d3a0444a7bafb816a39624a5e2ae85c0465f5d13c63dd6fda04a35696de.exe
- Size
  
  865KB
- MD5
  
  6cec68a114c5819a40c4b2d5fcf842da
- SHA1
  
  96d986f3ee7b4e8df59868337621d282ece89474
- SHA256
  
  764a3d3a0444a7bafb816a39624a5e2ae85c0465f5d13c63dd6fda04a35696de
- SHA512
  
  58265c58039a514d7cd888c612a15ea1073ad209cf72627aa20b11f0a53351d42bf6a5a01860da5c22036e38fe17ec5f00d914f29992b9a062d7958556688341
- SSDEEP
  
  12288:+UxjsqTpr6h76xNUNpkUmVhzKMJBjUwkBrjXr5dsAjPJc:1pTlr6d6QTkpVJ9TYwoTs
Score

10^/10

formbook tbgn rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooktbgnratspywarestealertrojan

behavioral2

formbooktbgnratspywarestealertrojan