formbook | 3f00dc9a046489c35c6dbcfcf2d91dfe03f7f700574be6a87fa623381727f92a | Triage

Sharing

General

Target

FedEx Docs.exe
Size

229KB
Sample

221121-ngkaqabh9z
MD5

c568864dc1f921c09ecef26318d2ec76
SHA1

c975900a226269d980d8d5bcd989ad44ba0dc667
SHA256

3f00dc9a046489c35c6dbcfcf2d91dfe03f7f700574be6a87fa623381727f92a
SHA512

ba132e4637f3b9ee36762c21b374dccd522f18b6fc9660d7af343ff6f622ad83ce0c84cb85ec99aab38889f1d8f1ecf9bb8bd5bf712586c51334e6ce2116b032
SSDEEP

6144:MEa0N3GbdvIo4BrW1/eUFnhe8FtvqR9lWdz:X3QvIo4U86e83yrWx

Score

10^/10

formbook fqsu rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

fqsu

Decoy

GhfTqaOqC4FsyoQRW/8=

kbPIpd/8k1C6zJz5mYYdK90ZUA==

VIdg/CoNGeYJHA==

KhzoqndOhw1j43z0ew==

wv8mTDcsX2wJN/Q=

MqBgt6S+3BgGKBQHLZy7Ucg=

GyhOb++nZDi39NPK7dbaKapf

pBtD1UoSTdo3eSp9H7OhRqMV0TAuKMU=

WTzTg1w+fP4fMO0oPPM=

NS/tpGdUwkiMwqmgkxoSzjrQATAuKMU=

MnoSdM1hYn4tdwxjB2fX

3EUfH2EJY17mMf4=

V9/wg2yCQruVszm7V+4=

aNL8pZCGYW4Ej2LD

1Bif9VkmdgVfrJqRvl1GtlTZq1M=

9wHIgmB8EOB2uUVcUfk=

1Fdn15qem+fL1qhrY9xdQmAnVg==

Y32ThttYUUr6PsuRmozlNP74RD+uBz7dOQ==

f5HKyoWNAJLM2qjnZlizsvXDKFs=

mRfaGezap6ZyvJqthZvf

Targets

- Target
  
  FedEx Docs.exe
- Size
  
  229KB
- MD5
  
  c568864dc1f921c09ecef26318d2ec76
- SHA1
  
  c975900a226269d980d8d5bcd989ad44ba0dc667
- SHA256
  
  3f00dc9a046489c35c6dbcfcf2d91dfe03f7f700574be6a87fa623381727f92a
- SHA512
  
  ba132e4637f3b9ee36762c21b374dccd522f18b6fc9660d7af343ff6f622ad83ce0c84cb85ec99aab38889f1d8f1ecf9bb8bd5bf712586c51334e6ce2116b032
- SSDEEP
  
  6144:MEa0N3GbdvIo4BrW1/eUFnhe8FtvqR9lWdz:X3QvIo4U86e83yrWx
Score

10^/10

formbook fqsu rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

formbookfqsuratspywarestealertrojan