formbook | 334390d9684d06ddf9cba6191fc5ae450c3c8bcc3f3b0b667a855779573a2020 | Triage

Sharing

General

Target

Invoice 16-36-55.rar
Size

633KB
Sample

220930-kft7radhcr
MD5

fefa9766790499708464fa8109a7a811
SHA1

5d0165ee039edcf97af4fc475d8d06a255348664
SHA256

334390d9684d06ddf9cba6191fc5ae450c3c8bcc3f3b0b667a855779573a2020
SHA512

c7223adcc758550877edc365d5e642638eb96d8e0b8201756779feb444b038f6fc880d4e5c66610a7e807a04ad419a38c303b3fbb089d72e1fbf5b8eaf0ce7e9
SSDEEP

12288:NEaQbPGIvFPkkq1Qsw6rrv5pYHHGWiBMKZsYgAJpa7nRzP32qIZQoO:NHYevk6Qx6JOHGW3KGTAD8RzZ0y

Score

10^/10

formbook d6iz rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

d6iz

Decoy

FkA/Rc+zw+0paU+GEiQh+g==

u54Xp6nujzFowU4P

EOvDCsjIcMgdORQ=

AuwHDKo90fNowU4P

pgyJWSAeSn6PEafn3w==

3uX1Rw+ed9vrNQ==

jF5ap2Dv9C1PwGrd2Q==

HO748Nunv9ftKA==

Y3nTdCLF3gspa0+HEiQh+g==

sTcJEshxAzXL5wGzPaA=

E/w4u2Vb6henwGrd2Q==

HyiDPgQFmbk/EuMX3D7NrWLX0XU=

E2QDkA/Sapg7+GJV8ULKrGLX0XU=

OSgyD3k1WHd+8vQc48OmEfvTww==

AVwcD5BnNY6o588P2A==

OghAuUYpwNlqf3CtJsAyRL5h

qQbNBg5d+StQ22hVZXWVOK0=

/+bLGhaIK8gdORQ=

2EwZLB/UCA4=

he9L+LfD0TAFfsIA0Q==

Targets

- Target
  
  Invoice 16-36-55.exe
- Size
  
  918KB
- MD5
  
  c5b76d08e1571dfd19d3ab265ec85b2f
- SHA1
  
  e9efd2d3ed741511025c1f1b0f1eb1d97aab111d
- SHA256
  
  10610b7b6275e7e957ad8992b94b7488d1d55ad72a169f1abc5410f10c717484
- SHA512
  
  bc99f126b422cf373af6f5851e7368471e0505e56a42f207a2d79b407fb3de95ebc1defe1ee0cfbaf46f09b3a514ebd45b3ca0195fdf0f8e2d94fc339138bd6a
- SSDEEP
  
  12288:Rj9dHqkbfDk3OLqKGTSXzurVj0dEaVj6NAIZuH9lu08jexVbQLJKKmIjYUkt+pLk:RRhHUKGTSXzuBjVZNNelu0FCI
Score

10^/10

formbook d6iz rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookd6izratspywarestealertrojan

behavioral2

formbookd6izratspywarestealertrojan