formbook

General

Target

tmp
Size

547KB
Sample

221027-hw19wsbddj
MD5

0b839e22f9277f4b0781578197972509
SHA1

f2fe6205fd3642acd8a7ac87cdb3509959cbf16a
SHA256

cc268916fb77287ae7258a4301c427751c9a0277786d101aa74a761419564f28
SHA512

7d0ceb71d54b4d8a01366987d17399e28d5f071bdf8bd58ccc4013a2fbe126c7567692608373c8f7eb53c5c86e19e328ec1bd4e4cfb1a86c8d85a713fd11143c
SSDEEP

12288:2xDqh7zKuImX1RWjosbfrjQajiqIjU4t3:2eKuHFmbjcahIj

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

ncpr

Decoy

bVBX5DcJzr9yf94C3w==

pAza9ePFpFp759M=

GeHCdpsX/21yf94C3w==

A86m2jOAb2lCta5KjFGSBLa0Bdru/eQt

bEERX4lbMxXbYU3pYqPIU32+

XLFilcOTXqV04j9CxpgWTXS2

UQTWj58OqzP2ew==

MqVmrtvUwL+EuyI6FfY+xgYaxA==

Fe3ugYgE7GZT3UohKWCrog==

YsWZa7gt9HJXwDhOrwIWTXS2

9mk4g8/Nnlp759M=

g01M0Tsk/vVnrhpC5zZrpw==

ec6PYogewB7aZw==

JveT+/6JbtwGUcTPwA==

EO3y7N6/n5uK0eyQ+bdcU7x9zA==

SRMfKoboyEnEDYOUZWns8TU=

kW15b1o+IOtNpgst5zZrpw==

gUo40RWBHijfIAiuuMdrKA+WMdA=

HvDy2QVdG2cjuiJC7WrE6i4=

uwOMiN8j6q9/966Mltg=

Targets

- Target
  
  tmp
- Size
  
  547KB
- MD5
  
  0b839e22f9277f4b0781578197972509
- SHA1
  
  f2fe6205fd3642acd8a7ac87cdb3509959cbf16a
- SHA256
  
  cc268916fb77287ae7258a4301c427751c9a0277786d101aa74a761419564f28
- SHA512
  
  7d0ceb71d54b4d8a01366987d17399e28d5f071bdf8bd58ccc4013a2fbe126c7567692608373c8f7eb53c5c86e19e328ec1bd4e4cfb1a86c8d85a713fd11143c
- SSDEEP
  
  12288:2xDqh7zKuImX1RWjosbfrjQajiqIjU4t3:2eKuHFmbjcahIj
Score

10^/10

formbook ncpr rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2