formbook

General

Target

Grafinger-CVE2-530334.exe
Size

291KB
Sample

221122-lfww1sgg47
MD5

d7647797381bfa84ccd377fb5d1a6f34
SHA1

d0b980c107e2e20f9494b7fa534366db2a7e9a78
SHA256

4e099dee4b6248ffd4a4a86bee02311e91b065143138b6bd87e1fb5bb882bcd7
SHA512

a947ee1293ca383d83b03806b49951182b634a4429b9e76094c0d27b5e52fdaadd0e4e0340ced26ed7b5d91d22e575f58ec32d7e1a0c26671674b110dbb14d3c
SSDEEP

6144:+Ea0JTBoewUWcWkZGdREaQlCT/T++K3l5tP:lTBXwUWlk84tsC+AV

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

g2dc

Decoy

OqIwFVmXHnPUgdurr7I=

0YwewYtWNLZdkF7Q

HFT6VwOYdkifOpbT1h9DcYQ=

D+zGTvGlpriTumzBbw==

gMSID89/QqMV8yjH

HN5/g0/3yJBsnZCig9Qf

Hl33xdRU8xaC1rY=

/rhq03DorPAUH2bSp6228fGQ

gBwzCyfHge9SumzBbw==

NuOmK9+fenLQa9urr7I=

cA4+yKM4IQjpFwMt1BQEUJ1q6y0=

gpK3pqdoVNu93yS0uhocUtQmtQ==

3i3tx82Rf7yQdIyeprA=

FTo+4qVlVK7gIgxi0g3bUA==

7kDtq4wo6+cV8yjH

Dc123pIo9vcNuR9pwkQ0pPpHvQ==

KYREtH0zKNiI374=

Tok2qF4n2XOiRw==

DYFtA6ZXUJfA3MLhRtTVTQ==

C8poIeeskBCxEYHIbQ==

Targets

- Target
  
  Grafinger-CVE2-530334.exe
- Size
  
  291KB
- MD5
  
  d7647797381bfa84ccd377fb5d1a6f34
- SHA1
  
  d0b980c107e2e20f9494b7fa534366db2a7e9a78
- SHA256
  
  4e099dee4b6248ffd4a4a86bee02311e91b065143138b6bd87e1fb5bb882bcd7
- SHA512
  
  a947ee1293ca383d83b03806b49951182b634a4429b9e76094c0d27b5e52fdaadd0e4e0340ced26ed7b5d91d22e575f58ec32d7e1a0c26671674b110dbb14d3c
- SSDEEP
  
  6144:+Ea0JTBoewUWcWkZGdREaQlCT/T++K3l5tP:lTBXwUWlk84tsC+AV
Score

10^/10

persistence formbook g2dc rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2