formbook

General

Target

Payment_Advice.exe
Size

74KB
Sample

221011-fhd64afeak
MD5

9d9d44a47c0a8e26b887e773f9098ab0
SHA1

9e984e41ea44792c26cf8f701b42773f2cf9c06c
SHA256

d7c9050d81903010ff6843bceea4331e45f15914ba721f20e01b1eedf33dff13
SHA512

74bde60ea2fef357e88477fb13e3d0161e28982afd4a36fd7d471ec289a512865a3e90a9791091bbd8862ff3063d675b9e3a11e793efc1b7a356fa4642109778
SSDEEP

1536:acgD9hW4Fi7O8xcIhd9y8x09ubvO67yG47uAzPqurdthad63MRKDMCfYf8u:dgpEsQTxcIhd9y8x09ubvO67yG4SAzP8

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fs44

Decoy

whneat.com

jljcw.net

pocodelivery.com

outofplacezine.com

yavuzcansigorta.com

xinhewood-cn.com

cartogogh.com

5avis.com

joyceyong.art

digitalsurf.community

blackcreekbarns.com

magazinedistribuidor.com

sportsgross.com

drevom.online

mayibeofservice.com

gareloi-digit.com

permitha.net

renaissanceestetica.com

facts-r-friends.com

dach-loc.com

Targets

- Target
  
  Payment_Advice.exe
- Size
  
  74KB
- MD5
  
  9d9d44a47c0a8e26b887e773f9098ab0
- SHA1
  
  9e984e41ea44792c26cf8f701b42773f2cf9c06c
- SHA256
  
  d7c9050d81903010ff6843bceea4331e45f15914ba721f20e01b1eedf33dff13
- SHA512
  
  74bde60ea2fef357e88477fb13e3d0161e28982afd4a36fd7d471ec289a512865a3e90a9791091bbd8862ff3063d675b9e3a11e793efc1b7a356fa4642109778
- SSDEEP
  
  1536:acgD9hW4Fi7O8xcIhd9y8x09ubvO67yG47uAzPqurdthad63MRKDMCfYf8u:dgpEsQTxcIhd9y8x09ubvO67yG4SAzP8
Score

10^/10

formbook fs44 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2