formbook | fbc14992308d88c7a33989479793655a4ff4c9caeb3c011f6e95b11c55f675ef | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PURCHASE ORDER 29.09.2022.exe
Size

777KB
Sample

220929-zta4cscab3
MD5

c886ccb770ce75fd527764419359a07b
SHA1

2c8d8762c84784887793c6685d02b8e18f2bb4f8
SHA256

fbc14992308d88c7a33989479793655a4ff4c9caeb3c011f6e95b11c55f675ef
SHA512

da6d5adc4b33a3389720c39094cc08b1d44c536a56f6b4610388711923cfdb2bc7fa9c8470d50239cc71d463ec1cd8f3a6a1ce6ac23d2d00c98150559034e022
SSDEEP

12288:N2iN8yxhnQvuVOKj7ahCx7dY53i57gHG9281/Q8iDznP:N1iyxhnQvuVOKY47dVsHG928Wn

Score

10^/10

formbook uymo rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

uymo

Decoy

A4J+j1lFUiMbPgQD0uzpdg==

F3lajp/JwxgpzPZ3bf9zrK0EzWDU/JY=

bOCwjfx/jOF4Las6GFv7+tQ=

9BDZHgUVSa1ypSWjNcPR

S9u+wp+ai+yEW4OWIQ==

wXxiP8BRWDG2JiTw5XA=

VeumNjNg3QeL/qtw

KYxbMI9RU7eqPpEYg1v7+tQ=

zwfU2Vv4NxXzDLy1IWFrDo3iqOoV1KB3

0XQ3wM3oGntH+iTw5XA=

nx7p2XIfYkHv9+Uu+VKx3l41j3mS454=

+BIOmtNni5xbAo5VEZFYQFAw

tkQa0SXOEjV/0yTw5XA=

YOLHv42Us4eMrHCod80dYluXJzNn

HZdsbBNsdAvOq+cr4CaIfg==

YlQ/0dwFQYtd+DXIxzKUlO8kBc9C9A==

mCL+zS69yZ9DyvVMC4399tE/Xk0V1KB3

+tXLkwCl2LyCqaNnalv7+tQ=

yPzM2bjLKPyixsjWSoWe9NI=

KQPQVL5puBHigv/RmyAU0ExD4GDU/JY=

Targets

- Target
  
  PURCHASE ORDER 29.09.2022.exe
- Size
  
  777KB
- MD5
  
  c886ccb770ce75fd527764419359a07b
- SHA1
  
  2c8d8762c84784887793c6685d02b8e18f2bb4f8
- SHA256
  
  fbc14992308d88c7a33989479793655a4ff4c9caeb3c011f6e95b11c55f675ef
- SHA512
  
  da6d5adc4b33a3389720c39094cc08b1d44c536a56f6b4610388711923cfdb2bc7fa9c8470d50239cc71d463ec1cd8f3a6a1ce6ac23d2d00c98150559034e022
- SSDEEP
  
  12288:N2iN8yxhnQvuVOKj7ahCx7dY53i57gHG9281/Q8iDznP:N1iyxhnQvuVOKY47dVsHG928Wn
Score

10^/10

formbook uymo rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookuymoratspywarestealertrojan

behavioral2

formbookuymoratspywarestealertrojan