formbook

General

Target

TDD500000000000000000000000000000000000000.exe
Size

713KB
Sample

221003-hsnvdscdb7
MD5

813890550ca56d37b0a986bf8cdde0b1
SHA1

88c1c4caca723a71c3f308fc8d66a44eb4a0230f
SHA256

3b56d7fd728103d3269e18e272e22d521d7c6c2304a2665217b1000631dded9d
SHA512

b29a49c5a17c2e91eeeb07816f39b0445a638452dde9841762c6a6130ee357320183f3cd68a299dc31f534d6c5dcf8839218fdbf49aca8a51d49bc4a247043e7
SSDEEP

12288:8ToPWBv/cpGrU3yH7mtstmTHIoELSbcV1W4WdV0zJPx:8TbBv5rUsmymTo7LSYxPx

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

qqci

Decoy

QetTqZClp7wFVN7CUjvCiA==

3ZTYDLbtEiw+OynhJ9HGmQ==

ZyJunbSaaekF

OOwyczoCsSvKuI0H

S/FAZYtKY2vVzCc5qIiU

axVWijjhaCVDmZpGTt3RUxGrgZIZjcapEw==

1oHQ73CAnJntuX8=

Huo0LA3V+0JZHgONI/JPQ8UJ

BKzl63IkrnSA5W41XFM=

yoHbAS7smafIszYSGkQ=

iTyFttfzdTBbmGkOV67Mjg==

KcwIME5r+IeTEv+4PVTMOV2tqTzT3w==

FLXq6sZddO4Fm4VR95ScwqT66yI=

u2SjgGoNCB0lHuGBpskelaT66yI=

0YrQwnYjYNF2v3sQ

l0O9vrjpiyM91b54/JPPguMe

P+BLw9L68iIY

AZQeZo+7cXLIRN2gtg==

K94UQ2snUJC3gl45qIiU

vlewBydLxlB05sOKHzbPguMe

Targets

- Target
  
  TDD500000000000000000000000000000000000000.exe
- Size
  
  713KB
- MD5
  
  813890550ca56d37b0a986bf8cdde0b1
- SHA1
  
  88c1c4caca723a71c3f308fc8d66a44eb4a0230f
- SHA256
  
  3b56d7fd728103d3269e18e272e22d521d7c6c2304a2665217b1000631dded9d
- SHA512
  
  b29a49c5a17c2e91eeeb07816f39b0445a638452dde9841762c6a6130ee357320183f3cd68a299dc31f534d6c5dcf8839218fdbf49aca8a51d49bc4a247043e7
- SSDEEP
  
  12288:8ToPWBv/cpGrU3yH7mtstmTHIoELSbcV1W4WdV0zJPx:8TbBv5rUsmymTo7LSYxPx
Score

10^/10

formbook qqci rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2