formbook

General

Target

ungziped_file
Size

224KB
Sample

221031-m2xacaagb4
MD5

c7eac5a7087af67171d5515c27d6f927
SHA1

3e036ca39fab2b5e47aa297b5951954ac45dc6f6
SHA256

0e00f12317743737906e4779e5a936985e8ee76a8254a7ef81f67a5509e9f524
SHA512

cd8f759a09101917d053cbcf3a2269709711e959ac7c655813b8d288da6a507fedd42b06f9fc5a7e17298607543317ccf3fde2754ac7c0120d3513558ac071d5
SSDEEP

6144:qweEpSKY3hdH6CVjlmaEJlnXEGkCnFSN6xZkfpNvpJ:bSN6mlFm0GkiCSChNj

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

0nta

Decoy

gbsCquDKPUb+i0Rm

eccFwzyxeEotI8Ul4YIzPg==

bdsn2Sl9Bol+2aFJ6MKrx3NcrN+kLrA=

SLPEtzgs6DQUEdHiW3vibToq

Bl967wbymDrsQ18=

BWvuZozwNlwVYjPGv4hDOw==

L5nwqf9dGOOqwX+MGq2BhkBzz+ne

X6uAMol2Y9eex43gdg4=

0jFwFmPSjKJeT0s=

O3q7eQw18Jxs

R6HrqxiWheCCueVv

K2V+CD6jnKBbVPYHy89ho8I=

YLcAq+U9+uDgOfvdLvzp

kQPCgwDontKJxI3gdg4=

aeIPy0axLpNaaA52M8aGxaNE/Qk=

9T97HXSZjG1l

Nm9n0uvKQ0j+i0Rm

DIKJzOFACPe0LwgytIse0U/TqkgGhA==

Ya+2H09GvMXEEiy/0GLibToq

cruIS/BVRkv8+LjVkzTibToq

Targets

- Target
  
  ungziped_file
- Size
  
  224KB
- MD5
  
  c7eac5a7087af67171d5515c27d6f927
- SHA1
  
  3e036ca39fab2b5e47aa297b5951954ac45dc6f6
- SHA256
  
  0e00f12317743737906e4779e5a936985e8ee76a8254a7ef81f67a5509e9f524
- SHA512
  
  cd8f759a09101917d053cbcf3a2269709711e959ac7c655813b8d288da6a507fedd42b06f9fc5a7e17298607543317ccf3fde2754ac7c0120d3513558ac071d5
- SSDEEP
  
  6144:qweEpSKY3hdH6CVjlmaEJlnXEGkCnFSN6xZkfpNvpJ:bSN6mlFm0GkiCSChNj
Score

10^/10

formbook 0nta rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2