formbook

General

Target

IMG_4190.EXE.exe
Size

82KB
Sample

221007-rxz8nacfh8
MD5

8e3600f9ad235bcb17a3707e22acf4ce
SHA1

b80e36b42f88a7c234210c6a852d83b09a83bc57
SHA256

122de720597f1812e8aa3b52670be965ad1e54eae12838230b3a9ccbd1822c3f
SHA512

1662fd5f0dc8f322ea05d2ca0062f77deff816e0563fbb4682f2e9366b4dc657d75c47cf03bf190bc47edb7501de5b45c993ae1621c1397405f9eefc4542d51d
SSDEEP

768:dtL9rjBnpmrLC+dN2svQUR+MZfAMkEb9niVwT1X1Z2NMAplik7ao:lSrLCQN2OQURRfAr6QmZX1kNFlNuo

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

gy44

Decoy

gTIXg5cKbZKSjThEsFC83g==

ewoNKvGvmiR5EB8+sFC83g==

md6aiU+D3+25qDP3Ni558dgp

VMzMHyEJ/Y7kRE2iy6HWlu4+LEJm/pE=

l6iW0aXnSj8bFqWDu6/pqAr3MApog2PmqA==

FII4nH+mJUTDKAG17eI=

xJvaA796LhMYVA==

xPin8fnbjFy4THU=

P+yc7H0FZ3w7hBrp

BNCE0OFEsMGO3foiTCKCW2yIug==

tlFUnG4rGslFvOEthUDLpofSLJk=

jP4CTCXNv2FmTuPEyJjHIYrsvw==

Xs/JChYMA4qWeSjyTw4k

oTorTRrdxSHTbHSBx7DakWLnKqn6

Im4ld3JjXtcroK/1LA16W2yIug==

S7hZhUh/7CkIJQevsmm4564=

MYRQUSFMPvdzOsg9UDRaFYCH9ZPO+A==

q6GJiyklgp10kCjQ9sgeRFGkwJE=

DCscKsa1plXIKQG17eI=

gygfSBrQt0ykMkRJs4vjQ6c=

Targets

- Target
  
  IMG_4190.EXE.exe
- Size
  
  82KB
- MD5
  
  8e3600f9ad235bcb17a3707e22acf4ce
- SHA1
  
  b80e36b42f88a7c234210c6a852d83b09a83bc57
- SHA256
  
  122de720597f1812e8aa3b52670be965ad1e54eae12838230b3a9ccbd1822c3f
- SHA512
  
  1662fd5f0dc8f322ea05d2ca0062f77deff816e0563fbb4682f2e9366b4dc657d75c47cf03bf190bc47edb7501de5b45c993ae1621c1397405f9eefc4542d51d
- SSDEEP
  
  768:dtL9rjBnpmrLC+dN2svQUR+MZfAMkEb9niVwT1X1Z2NMAplik7ao:lSrLCQN2OQURRfAr6QmZX1kNFlNuo
Score

10^/10

formbook gy44 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2