formbook

General

Target

Quotation.exe
Size

6KB
Sample

221007-s8nvfadadj
MD5

50fe48f0bc657db241591d1596b76e42
SHA1

ae3d082ba3226bec627c0513e5162db268c443ef
SHA256

6a55bd03035714c63cc56eff840bc96de7ddcd5f92fcef1965c1d9babd7604dd
SHA512

e7feb56b61c5129602ed86569331c01879f1245ad828b3cffb872679f457bcce5b94acf800cd3c6b339252070eea06663f1f17e049f55a35382e78abf1407db3
SSDEEP

96:Tjv1PUI7scQ1d2W0mJfv4L+BWefYnYL/1YN+FnU:/Z5E1d2WjJHBW7YL/YL

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g2fg

Decoy

snowcrash.website

pointman.us

newheartvalve.care

drandl.com

sandspringsramblers.com

programagubernamental.online

boja.us

mvrsnike.com

mentallyillmotherhood.com

facom.us

programagubernamental.store

izivente.com

roller-v.fr

amazonbioactives.com

metaverseapple.xyz

5gt-mobilevsverizon.com

gtwebsolutions.co

scottdunn.life

usdp.trade

pikmin.run

Targets

- Target
  
  Quotation.exe
- Size
  
  6KB
- MD5
  
  50fe48f0bc657db241591d1596b76e42
- SHA1
  
  ae3d082ba3226bec627c0513e5162db268c443ef
- SHA256
  
  6a55bd03035714c63cc56eff840bc96de7ddcd5f92fcef1965c1d9babd7604dd
- SHA512
  
  e7feb56b61c5129602ed86569331c01879f1245ad828b3cffb872679f457bcce5b94acf800cd3c6b339252070eea06663f1f17e049f55a35382e78abf1407db3
- SSDEEP
  
  96:Tjv1PUI7scQ1d2W0mJfv4L+BWefYnYL/1YN+FnU:/Z5E1d2WjJHBW7YL/YL
Score

10^/10

formbook g2fg persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Checks computer location settings

Deletes itself

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2