formbook | 2088000ab7a60b6d9eb519d1da9d42934e908a9724ab6977bc853d30b7f96642 | Triage

Sharing

General

Target

SecuriteInfo.com.Trojan.Mardom.MN.10.23111.3388.exe
Size

1.1MB
Sample

221103-rjed2abbh7
MD5

3c21079c403687f4339a136919931ef5
SHA1

05bb1260bbdc0d05460f41e2423691f7c044bbe9
SHA256

2088000ab7a60b6d9eb519d1da9d42934e908a9724ab6977bc853d30b7f96642
SHA512

1285f2e9b1fb1cf2785f88514542a8bf7beeed52558fa9fb49280e2c91b1e17ccfc514435969491cbd0cd0d4f9d29e7803eec248ca43e04ebf37d5f14d05bc38
SSDEEP

24576:LNlitFN9lSz5iPqjiX+Iv3GytN1YeZo82E+u6Sz73JEL:LvizNCzc2I/GYNj6zup5E

Score

10^/10

formbook u6hu persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

u6hu

Decoy

OvIuZKrtOMxghbaZbvb/8h9g+Q==

mjHLVEVO8gwVeZ+7

Lh1lcZzH8pTXgpdDzV0vzyVooAsviHQ=

OzJXhMQYaQKNT1aBY/gM8h9g+Q==

WSJFbX28mK+jXVvRJofdtSc=

mEv6JdT2o7Nq++XYt8MFpx5QrhRdhA==

Wxf/NnjMRlBj6JK3jg==

nB21Q0tg7gEVeZ+7

IZinOswGUPAn51eHvCAoMetC

INxV9PYg7AQP0xyDAyg=

kkZP+Iq1AgMVeZ+7

meuru6sSaxxuoLS7gA==

y0jMTFyffedqCSRXVfm/

sJbTfRVKuQScxw==

+ecHP3ayIjYFnb7j2Pt6z5dK

uZnHRwRE9QwVeZ+7

ZBg6Sy054P4oHp0DknCx

nFXn8j4yTuJ9aOfNlw==

35ygHt8uASpReRyDAyg=

8nT3T+8eWeh6aOfNlw==

Targets

- Target
  
  SecuriteInfo.com.Trojan.Mardom.MN.10.23111.3388.exe
- Size
  
  1.1MB
- MD5
  
  3c21079c403687f4339a136919931ef5
- SHA1
  
  05bb1260bbdc0d05460f41e2423691f7c044bbe9
- SHA256
  
  2088000ab7a60b6d9eb519d1da9d42934e908a9724ab6977bc853d30b7f96642
- SHA512
  
  1285f2e9b1fb1cf2785f88514542a8bf7beeed52558fa9fb49280e2c91b1e17ccfc514435969491cbd0cd0d4f9d29e7803eec248ca43e04ebf37d5f14d05bc38
- SSDEEP
  
  24576:LNlitFN9lSz5iPqjiX+Iv3GytN1YeZo82E+u6Sz73JEL:LvizNCzc2I/GYNj6zup5E
Score

10^/10

formbook u6hu persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooku6hupersistenceratspywarestealertrojan

behavioral2

formbooku6hupersistenceratspywarestealertrojan