formbook

General

Target

6d1fc60576f650b2806d7e74da8ddd79.exe
Size

316KB
Sample

221115-pawkvahe9z
MD5

6d1fc60576f650b2806d7e74da8ddd79
SHA1

e315d5c0868e4a2c8a796e52616cc71fe02f2e4c
SHA256

e4b98a029783ce068a262f3393caa28754470082b6b7066f34a27595e5ff2ea2
SHA512

5e6cb4636df3121435c16d509a717965cdde9823d67876b75217b8346c4de1f5aa37f84eab951db6d5ff1c4ba68954a63a8556c8d872d960705cab759baf2c64
SSDEEP

6144:0Ea0Mr7/9GTiV71Oz7VtsorLQMYN6amP+73M/3Qt9/FvDxxf1lB97Z0V5l3g/Gjh:mr7/9UiV716rLQTNmP+73BpFvDxxdjIZ

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

g2dc

Decoy

OqIwFVmXHnPUgdurr7I=

0YwewYtWNLZdkF7Q

HFT6VwOYdkifOpbT1h9DcYQ=

D+zGTvGlpriTumzBbw==

gMSID89/QqMV8yjH

HN5/g0/3yJBsnZCig9Qf

Hl33xdRU8xaC1rY=

/rhq03DorPAUH2bSp6228fGQ

gBwzCyfHge9SumzBbw==

NuOmK9+fenLQa9urr7I=

cA4+yKM4IQjpFwMt1BQEUJ1q6y0=

gpK3pqdoVNu93yS0uhocUtQmtQ==

3i3tx82Rf7yQdIyeprA=

FTo+4qVlVK7gIgxi0g3bUA==

7kDtq4wo6+cV8yjH

Dc123pIo9vcNuR9pwkQ0pPpHvQ==

KYREtH0zKNiI374=

Tok2qF4n2XOiRw==

DYFtA6ZXUJfA3MLhRtTVTQ==

C8poIeeskBCxEYHIbQ==

Targets

- Target
  
  6d1fc60576f650b2806d7e74da8ddd79.exe
- Size
  
  316KB
- MD5
  
  6d1fc60576f650b2806d7e74da8ddd79
- SHA1
  
  e315d5c0868e4a2c8a796e52616cc71fe02f2e4c
- SHA256
  
  e4b98a029783ce068a262f3393caa28754470082b6b7066f34a27595e5ff2ea2
- SHA512
  
  5e6cb4636df3121435c16d509a717965cdde9823d67876b75217b8346c4de1f5aa37f84eab951db6d5ff1c4ba68954a63a8556c8d872d960705cab759baf2c64
- SSDEEP
  
  6144:0Ea0Mr7/9GTiV71Oz7VtsorLQMYN6amP+73M/3Qt9/FvDxxf1lB97Z0V5l3g/Gjh:mr7/9UiV716rLQTNmP+73BpFvDxxdjIZ
Score

10^/10

formbook g2dc rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2