formbook

General

Target

SWIFT Transfer (103) 022FT102211200045.exe
Size

808KB
Sample

221121-184vnada7y
MD5

2dcae6df92afaf02c7b46ab27b15a2a9
SHA1

812ba37bf384e0bea85097441ccd024f683fa1c6
SHA256

0d68d580e0b5eab78723411ce4a8a0cca360d1495951dde7243989044d47d5cc
SHA512

d2c67f9180d94c156a048e5f6694afcfaa53f99f4d6266cb3011cc23cb47523fa9ec7bbaf4fa4120d79270e06042cc4fb5a2b1970411cef03c495cf5b77475e2
SSDEEP

24576:yr18+L74mBfNUstzow3r8JNDG40SgSatPpzguTsu:yrLIid//L

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

n2hm

Decoy

XCeG4IxNKbAl

YzJWbnC+El84nA==

KAJcdmP8yEcO5LXPCFF42Wfb

I+J+xYO95GJQWVU=

GtgxPPv3FmQmhw==

Og9NYF4xEl+j7vGTR93xvg==

506Cg07bsT0G6yK+A96H0h35V+JLkwI=

wAYXFN+pSFIXgQ==

ijzLI/f+FmQmhw==

UfT2PweNm+w8

GQWVw5aZnfF/kS5e

30BKYjua9zcA7gAwsPUngLnjyrBNEgo=

AM65OrmyFmQmhw==

VSlTVxISZ4J/kS5e

GGKj6K33SRh6e0/YzT5nQGlK5CXRqw==

B9H98cUUfX+AWOqiTA==

MxVffWOIoVnM37zrd2sTaOY=

z6bxCgG/mGhR7oDzQA==

pQgSLSRi6AK3M/PdArpX

6rRRsYuSnXx/kS5e

Targets

- Target
  
  SWIFT Transfer (103) 022FT102211200045.exe
- Size
  
  808KB
- MD5
  
  2dcae6df92afaf02c7b46ab27b15a2a9
- SHA1
  
  812ba37bf384e0bea85097441ccd024f683fa1c6
- SHA256
  
  0d68d580e0b5eab78723411ce4a8a0cca360d1495951dde7243989044d47d5cc
- SHA512
  
  d2c67f9180d94c156a048e5f6694afcfaa53f99f4d6266cb3011cc23cb47523fa9ec7bbaf4fa4120d79270e06042cc4fb5a2b1970411cef03c495cf5b77475e2
- SSDEEP
  
  24576:yr18+L74mBfNUstzow3r8JNDG40SgSatPpzguTsu:yrLIid//L
Score

10^/10

formbook n2hm rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2