formbook

General

Target

dhl awb 3452778287 notification of shipment,pdf.exe
Size

660KB
Sample

221014-gx7bvsbbhr
MD5

ceaae9b2e89a36679a0b5f18ca9ce2e6
SHA1

3257c5216fe3476cd23b12cab7fa693b2b5db621
SHA256

2836ac7fa7b3769c6eb96e592ddf928fdfdd61bbf63db31752245befa6fd165a
SHA512

6cb032203548cdb167cace3d30441cff3c5a305715cb00ac4668b081d94aaddf83508ca9cf0acf0e84015e56ce2ba28be1007c9d76cf0b975008757f39d6138b
SSDEEP

6144:dbE/HUKaj4Qd6gi7qcxeNUkqckJzc+dn9zJnY5rK0Mk/BTA0fUqWif:db2DWcxeNAcic+dhJnYcKA0Jf

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

nrln

Decoy

IG7zJSm49UqTTuu/N/oTCIg=

CVLdAPgw0CRSMuZnRRU=

PiA5Z3umP2NyX81VGQhjWyS59nFYhXiG

5i6p4GeQqtBgNRfGNQ==

5984keYswxh8mGZHz4ipAHtQ

VNJaK4Gh0CrOvHpW/p353A==

71rEtrL2icToyKGhcWrTxjsFU5T98zeO

r3q1sy1iZaL+2XIUAob7yw==

9+83Qkrk/vV/jVXsDvoTCIg=

aMFAgYF1prov8/UErH/Y1A==

Alqtx/0rxwEbCLdudftl

ImCbnglBSUHF0mv2tTSP40bPeYao

s4DFNvAJ4GIJ+g==

phOa6mtS8QQICuZnRRU=

7TSu5vqRtB45EZtf4WDSTBHPeYao

ImPWqwUUIVWMQLyMbUab7tmspvNCcT8=

HF7jKjbGox2SAffTPw==

yAM3mOQot5l+cD0ikR5MGp8=

UYzW0/8z70JcQenVLidu1kLPeYao

OoCznp5UWz+hT9OBFXbfVhXPeYao

Targets

- Target
  
  dhl awb 3452778287 notification of shipment,pdf.exe
- Size
  
  660KB
- MD5
  
  ceaae9b2e89a36679a0b5f18ca9ce2e6
- SHA1
  
  3257c5216fe3476cd23b12cab7fa693b2b5db621
- SHA256
  
  2836ac7fa7b3769c6eb96e592ddf928fdfdd61bbf63db31752245befa6fd165a
- SHA512
  
  6cb032203548cdb167cace3d30441cff3c5a305715cb00ac4668b081d94aaddf83508ca9cf0acf0e84015e56ce2ba28be1007c9d76cf0b975008757f39d6138b
- SSDEEP
  
  6144:dbE/HUKaj4Qd6gi7qcxeNUkqckJzc+dn9zJnY5rK0Mk/BTA0fUqWif:db2DWcxeNAcic+dhJnYcKA0Jf
Score

10^/10

formbook nrln rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2