formbook

General

Target

newPO.js
Size

4KB
Sample

221025-kk236acad8
MD5

3ea1401952fe7004973360bbe4aec8b9
SHA1

240dba7f04a06cfc7d23bfcc01f58184f5b432b6
SHA256

e31e2c584e256194d62b34964c668413b6db5c95f4ab95db89d80d4df7c15188
SHA512

d0a41702288c7e01c863d2e975b0d15a7072266f2e2afda87a7ced76c3f56fb70e63ad6b530860650e12f2ed8e3000a1b9e1329454e4ff1ef25c0cb3a10ff62a
SSDEEP

96:NxzcwV39M1Cxfc6PMpotxNAkR2mAzvs/GhWMHduUAp7UoLMY2wH85k4GkcKA6X:fzcwFG1W06PMpaxNA0Uzvs8uUc7UXCWt

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

zx85

Decoy

myclassly.com

rilcon.xyz

miracleun.shop

gadgetward-usa.com

farmaacademy.com

dreamsolutions.group

fffood.online

ziggnl.site

cherpol.com

imprescriptible-tienoscope.biz

yztc.fun

chicagonftweek.com

zz0659.com

hznaixi.com

027-seo.net

korlekded.com

gelatoitaly.com

finlitguru.com

gupingapp.com

manmakecoffee.com

Targets

- Target
  
  newPO.js
- Size
  
  4KB
- MD5
  
  3ea1401952fe7004973360bbe4aec8b9
- SHA1
  
  240dba7f04a06cfc7d23bfcc01f58184f5b432b6
- SHA256
  
  e31e2c584e256194d62b34964c668413b6db5c95f4ab95db89d80d4df7c15188
- SHA512
  
  d0a41702288c7e01c863d2e975b0d15a7072266f2e2afda87a7ced76c3f56fb70e63ad6b530860650e12f2ed8e3000a1b9e1329454e4ff1ef25c0cb3a10ff62a
- SSDEEP
  
  96:NxzcwV39M1Cxfc6PMpotxNAkR2mAzvs/GhWMHduUAp7UoLMY2wH85k4GkcKA6X:fzcwFG1W06PMpaxNA0Uzvs8uUc7UXCWt
Score

10^/10

formbook zx85 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2