formbook | 941e0547c51948f5a4e8798b2455eb420d48923f042a4fd8bfadef2956dca6cd | Triage

Submit
Reports

Overview

overview

Static

static

Dumas 00045.xls

windows7-x64

Dumas 00045.xls

windows10-2004-x64

1

Sharing

General

Target

Dumas 00045.xls
Size

197KB
Sample

221102-1rz55scag7
MD5

8929528f1020108fb8b259a3e348f322
SHA1

b2d3999e307b587c876301cdc63e9e660d897cb2
SHA256

941e0547c51948f5a4e8798b2455eb420d48923f042a4fd8bfadef2956dca6cd
SHA512

0a503e28afc67e5e2ae5d19756d852977fea365b1f0a70a9288a61126a4b684267d61ee44f8fa1a643610fe70d41c1c7c45be26ab86d0ef6287e6537a3a0d441
SSDEEP

3072:FjTI8g9jTI8gnOZwGcFdWRaRW2oRS46bwnaPF0VbAdGtAqF4x8XWhcIiVxVXWOyP:1TmNTmnOZyWURWthnwWaXKXupiVryv/

Score

10^/10

formbook f4ca rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Dumas 00045.xls

Resource

win7-20220812-en

formbook f4ca rat spyware stealer trojan

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

Dumas 00045.xls

Resource

win10v2004-20220901-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Campaign

f4ca

Decoy

omFHB5ajfJi1UEIEV9XcoRw=

UBjJkmQPyprdhcFF/bdCWQ==

evGKkBUj1je+otcfpw==

KgvGVeOATSt3nug0BIOm2JvOQycB

Lv6o3K0r9aSjI0lr9fg1txw=

LH1jJb/HieQpsEdqWCQTvX2PmsDVIeg=

99dte0XauJfk6Xv+uQxJFgA1gMktBA==

21FkkGB9gMniDQw2ffu6

r4lKBM/q6TZwVZfS

F+14qHeVWi56KdQ=

BgWXRsVoICMvvQ==

I+EozFl0Uy56KdQ=

xoXCgEllKEbWfjFCCLo=

qo9G1lXvvGt5GkxrLQWw

ORNlYic0PJ2ip4geEFSv

Yj+GFpvFxy0uVYx1fLI/XQ==

XL+veIKPjOTe4fjvFs+n

D2JKVAfuakXCAyoEvw==

voWJU81tH56wvt/vImbCcgVd

dVEcwFrmb8bZ4vXvFs+n

CMlcaOUF6cB+8Bnm2Kc=

NpYV3moXNE+ZQ4f9nVGCSA==

/GRkjGd1acLHyeLvImbCcgVd

R52MlF+Ag+LtFr1QKa7Zf/5a

kVD/mSO1YK75pA==

5q3IANfo/JHiDww2ffu6

4i8RFOH2ACRdhzja

VLWOSRe00XX6sNsijPzqiiWfFgf1J+g=

qnsgRFL46lWG

xo1QHOyKS9rj4fjvFs+n

mIHZlAqzS6ymmpMCU1uyZgE=

WCtjiGCFl/4JTiJ0R60=

c0vpAtZ3fY7TeLfdcnASQg==

Y87Xlic9/1+q3g/pUArVoB4=

kKOsRsf05wBOd67a

dDmgYgOZZ0aCMVwgDha4bgc=

ieXCbvcCyja+otcfpw==

Fd0XQwkTHHaBmNDvImbCcgVd

PK/M6eM8xOwqvw==

Pf0q8MdfICMvvQ==

EO8aPQwf7z2Du+XvImbCcgVd

BeUisSg/Ql6uJcg=

ay2v2pz4gomTESLosQ==

AGjX3ak2B+FyQ9ZKrQ==

Du0y0UXomyoxT4/arA8Du3FvpwE=

xhV7OrDTdonq4fjvFs+n

9+s2xTlaW66p2IAAnVkDQA==

AuS2UeN4Nsvl5vo8J67Zf/5a

B1vK2590RiUuuw==

/709BIUfMCIln8sus2u2aAM=

BMpYckjp699wVZfS

Pf2AqIscEhlpHlnV18IvVQk=

RKUTxUbz/zFroN/LLq+kIdZM

IuuiQ9pj7ZzciLVPiks4Rxc=

0KBn8XAV7NNm2xPxuA==

nv7yBtDj4UNE/ju8er1EZSanBXfyLv4=

sBgf41X1vKTwUspTsg==

5bk4+oQWD+X01tBEqQ==

c08KjxWnau8DDSsESMKNI+P5G/6/sYjU6g==

RJiyeEVj/N3rhNAW3qU=

v6O7hhQxA//+Oyq2ms9DWQ==

7MdHCYCb4OT5pg==

Je0NLgIfKIeFuyjxYD+i

68P+tIkhBdlwVZfS

inthecryptolane.com

Targets

- Target
  
  Dumas 00045.xls
- Size
  
  197KB
- MD5
  
  8929528f1020108fb8b259a3e348f322
- SHA1
  
  b2d3999e307b587c876301cdc63e9e660d897cb2
- SHA256
  
  941e0547c51948f5a4e8798b2455eb420d48923f042a4fd8bfadef2956dca6cd
- SHA512
  
  0a503e28afc67e5e2ae5d19756d852977fea365b1f0a70a9288a61126a4b684267d61ee44f8fa1a643610fe70d41c1c7c45be26ab86d0ef6287e6537a3a0d441
- SSDEEP
  
  3072:FjTI8g9jTI8gnOZwGcFdWRaRW2oRS46bwnaPF0VbAdGtAqF4x8XWhcIiVxVXWOyP:1TmNTmnOZyWURWthnwWaXKXupiVryv/
Score

10^/10

formbook f4ca rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookf4caratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy