formbook | cd5d9b007cb1b71e7c70071c5f8ca17d4a994cdedbeae383de55345cceec10c0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cd5d9b007cb1b71e7c70071c5f8ca17d4a994cdedbeae383de55345cceec10c0.exe
Size

832KB
Sample

221010-m3z3mabee3
MD5

488a92e53724b14f114bf642ef01a598
SHA1

4ade82db0e3762a754df784e1174741776b77b79
SHA256

cd5d9b007cb1b71e7c70071c5f8ca17d4a994cdedbeae383de55345cceec10c0
SHA512

c7b37e61fc3604c3079725c48e437cb2128fabf0ad13fd6b6a2163def410c6f56461457cbfe811ba22ffdf393228dc5cd13ba6c36a58ad3daada6d1d5bad33af
SSDEEP

12288:Of5dQ0pNedvv+JlebXrI1/J+YDQ4XXA0BOp9DIXZzRb:Of56AoWke+H4XwaO8X

Score

10^/10

formbook 8awd rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

8awd

Decoy

py09MqOp96q6/h3QscX4tW3iC7Zc

Tz1RED2uEMHX5bExDz09Jqi/Dp0H80+R

8zT8gjNx3p7wuIME

ZPsM5CNczTg0hpxQMjVpXNviC7Zc

+5mhjcAHMLXwuIME

SlXLkzt83EG+XgMB

49P3teQlh8kXa0EBktUPoJ1H

BX4jXQd5qd4zzA==

6oy60lNViBATLADLf5md

2fFyLfZggXpyxA==

UBko+iEvcbAMyMliSy08HRT1udo=

uVl5kv1HcfxOn10=

NdJzr7kWDsC/

LoQwD70XbJ2y3qZcI8rHtHniC7Zc

SdTk6XN+x36YxLqqX1CdcQ==

bshYGLil02pvusAUqm2ndw==

eP8PQhhsCPs00FjNsIOpWxT1udo=

Ya5AGLWc4IbcVpnLf5md

Q8G/i732kjY+XpzLf5md

ioWvTFWx9KLwuIME

Targets

- Target
  
  cd5d9b007cb1b71e7c70071c5f8ca17d4a994cdedbeae383de55345cceec10c0.exe
- Size
  
  832KB
- MD5
  
  488a92e53724b14f114bf642ef01a598
- SHA1
  
  4ade82db0e3762a754df784e1174741776b77b79
- SHA256
  
  cd5d9b007cb1b71e7c70071c5f8ca17d4a994cdedbeae383de55345cceec10c0
- SHA512
  
  c7b37e61fc3604c3079725c48e437cb2128fabf0ad13fd6b6a2163def410c6f56461457cbfe811ba22ffdf393228dc5cd13ba6c36a58ad3daada6d1d5bad33af
- SSDEEP
  
  12288:Of5dQ0pNedvv+JlebXrI1/J+YDQ4XXA0BOp9DIXZzRb:Of56AoWke+H4XwaO8X
Score

10^/10

formbook 8awd rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbook8awdratspywarestealertrojan

behavioral2

formbook8awdratspywarestealertrojan