formbook | ef0ceab01e813f995915d6c596bd663a469928024e9295b093388a4a7215bb1d | Triage

Sharing

General

Target

ef0ceab01e813f995915d6c596bd663a469928024e9295b093388a4a7215bb1d
Size

694KB
Sample

221121-rpp3qadd32
MD5

c4523a20a3e46acad92e1cb38adc378b
SHA1

3f239f11ee2a8728cc65266111abbf64b1f8dc53
SHA256

ef0ceab01e813f995915d6c596bd663a469928024e9295b093388a4a7215bb1d
SHA512

4b0c6c0615b8c16583e21e7b68ec5c38e0f5ac1f480f3308d5734ce598836a2e27a80e2959458690ee9dcd7544ece9fad7e23b6c0356784524d6e0e439b4162b
SSDEEP

6144:rEa0dpkNz07AFqV57lNO4/mq3kl9SK5WO+Dg/Fb5aHDiTBfA+RhdUx9:Y57lNPmikl9SK5WAHkDiT5AshOf

Score

10^/10

formbook 54ut rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

54ut

Decoy

1DeiXmzDLw+mW17NwLBXpXM=

Nouf/qArBV5GAPfIhxWPkDFrVQ==

9OCYganx4VaCX1EY/sUSfRDLx6s=

xh8rlilJ/SGckKI=

HGyA64YZyhUs3jvzno2F

yx7/XhxTuRiTcnLKrrOOXTrpW60=

ZYI6IbtcBFx+OpnLU0nXmw==

MhgenS1xYWYThQgS+A==

s0ada4bHHvtWWbYb

2/4IbaW+Ljsy6Ujzno2F

Z5WdKMj5YLgpH0ypdTEcLe2W/lf7j6Io

xXTmzNjzpvUMwTAHwYv2kw==

kcbnSAS0pkV2G1fXsFktVxiXmLTktXY=

PU0V5f0rnqjEhQgS+A==

Z8aNX4Sm/dbGhQgS+A==

s4bq4W4D4UJdYqqvU0nXmw==

a56Z6W0Asvwh3jzzno2F

Qmhm+fY3o6bEhQgS+A==

WIFCKZ/ZO+dCwTAHwYv2kw==

Nqjne5GxXbzY1f3Qp2rBkDFrVQ==

Targets

- Target
  
  ef0ceab01e813f995915d6c596bd663a469928024e9295b093388a4a7215bb1d
- Size
  
  694KB
- MD5
  
  c4523a20a3e46acad92e1cb38adc378b
- SHA1
  
  3f239f11ee2a8728cc65266111abbf64b1f8dc53
- SHA256
  
  ef0ceab01e813f995915d6c596bd663a469928024e9295b093388a4a7215bb1d
- SHA512
  
  4b0c6c0615b8c16583e21e7b68ec5c38e0f5ac1f480f3308d5734ce598836a2e27a80e2959458690ee9dcd7544ece9fad7e23b6c0356784524d6e0e439b4162b
- SSDEEP
  
  6144:rEa0dpkNz07AFqV57lNO4/mq3kl9SK5WO+Dg/Fb5aHDiTBfA+RhdUx9:Y57lNPmikl9SK5WAHkDiT5AshOf
Score

10^/10

formbook 54ut rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbook54utratspywarestealertrojan