formbook | ec8ebd88bfd121c0dd662128bc14f8e4f2e4cb4608f4b71abadd7e970542a6ff | Triage

Sharing

General

Target

Payment_Advice.pdf.exe
Size

781KB
Sample

221004-n1w4maage9
MD5

51fb23afdf9e914a019a90eeac6fce04
SHA1

4b5a5484818e77ed3cb73f571f31f8af8290c0ff
SHA256

ec8ebd88bfd121c0dd662128bc14f8e4f2e4cb4608f4b71abadd7e970542a6ff
SHA512

5bc8511ae2fc19c470c4c8152fd3f9df09cca6e8e3f1e254f82e89a4029009344ee4a36de0515286d8559cf3588aa8501405b9d7397f8dc63b76863c6192492d
SSDEEP

12288:LAb2iN+VC/VPlzGX6HZTg42Rve+zG97WZo:+18C/F9GK5k42RvPzG9aZ

Score

10^/10

formbook e5tj rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

e5tj

Decoy

IQLFANAMFp2dn7mZspdRXA==

EoWBJbIeTf/IEhN2tg==

t1KUxwpOYU4oLFGfZZJdhQq1lq9LHrph

xDEbF5vU5frhATMLa5pba9iC2yYuTWtw

2LKDxpGoO+S/s9EmspdRXA==

8NNah7QKVO2dod+Fpi+q

oGnsF2+XtMKXmbeoLtOhYeNuaHZiXGFp

f1Gsp9YcLTb7UmQz

oTVhZFq6BY5UrUqWDTG6FIIN

bE0WfqLa5tGssaMoQds=

Lc0fHjWZxXBweoZmBC0EvvOlCWPHeaE=

bn80YTOa+rO2+5z5u9hCCIlQDyhb

vYjb5P09XQsARiJsrw==

NLGCgwhKmrxcumK64JZh9DcJRHJiXGFp

bXK7op7g/I+Al7mZspdRXA==

4QKNwghqw3EwgyGCq9ekaZIvAw==

s8teYHPK3VwWDDJ4rNSreztQDyhb

EmMtavldibSHE04q

0kFO3tzFY48MVd4=

IUlZqHyy0Qbf7xsGehjXezpQDyhb

Targets

- Target
  
  Payment_Advice.pdf.exe
- Size
  
  781KB
- MD5
  
  51fb23afdf9e914a019a90eeac6fce04
- SHA1
  
  4b5a5484818e77ed3cb73f571f31f8af8290c0ff
- SHA256
  
  ec8ebd88bfd121c0dd662128bc14f8e4f2e4cb4608f4b71abadd7e970542a6ff
- SHA512
  
  5bc8511ae2fc19c470c4c8152fd3f9df09cca6e8e3f1e254f82e89a4029009344ee4a36de0515286d8559cf3588aa8501405b9d7397f8dc63b76863c6192492d
- SSDEEP
  
  12288:LAb2iN+VC/VPlzGX6HZTg42Rve+zG97WZo:+18C/F9GK5k42RvPzG9aZ
Score

10^/10

formbook e5tj rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooke5tjratspywarestealertrojan

behavioral2

formbooke5tjratspywarestealertrojan