formbook

General

Target

Quotation Request - 10001.exe
Size

974KB
Sample

221123-lcf2dsec6z
MD5

8adef204222f1f04ca7cab99cc19acd0
SHA1

ca9f9f95b42dd59cb9f6025b2b2bca16519fc00f
SHA256

90212e18e6b4b235bbb6f4083bd0a2c491e0be12edc600199eb0ed0839d9a554
SHA512

413e126fd5598dc1cba282595cad155d841d8222f861e264a857ef956f1d8f3deb63ae92be12737de3e3b89a5c51cbefa544500885127a3429bd7714ec6a89d5
SSDEEP

24576:sp3ym7jOPcdHAcWohx6n53nD29Zgu/P2Up+L74mBfNUstzo:sp3fHOPHohxC3nD6Zgu/uU

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

m5oe

Decoy

HdR8hG6r12hBYuHY4zv6YeeFPQ==

tD1V9gswYvgQXEGd

1xKtJ1LdqRYMRMC84U1A

MbhjiWb7Lz8z7KIWl3UyUIJwA6Tb

joVB5Xggy2RtE+odsZg=

TrduAIay6Y3SvoIK20xI

pSna7LOsXXwXT/zz3Iow4g==

QnthmO4Qst5gC3sDoA==

eAirzOOgO7SOCenz3Iow4g==

xg0uSbfLTg==

YWQXwyGRzPEHzGrDFE8CBSE=

ujLnfuXoH9dbgHIK20xI

291v0XsGFrYQXEGd

MRvTd/qMuaHpjCM=

X131fLC6VWX4MsvCb2IPjIfq8wlksWfg

Y9Bur8DbgqFt/Yni86MMCCE=

q6RTBmJkmy5pWTmmCCrvmuCDPw==

mQS26DojT+EQXEGd

sjHQ+Kav2Wx9FeodsZg=

JA24UKnTA5re1LhcQaVo/w==

Targets

- Target
  
  Quotation Request - 10001.exe
- Size
  
  974KB
- MD5
  
  8adef204222f1f04ca7cab99cc19acd0
- SHA1
  
  ca9f9f95b42dd59cb9f6025b2b2bca16519fc00f
- SHA256
  
  90212e18e6b4b235bbb6f4083bd0a2c491e0be12edc600199eb0ed0839d9a554
- SHA512
  
  413e126fd5598dc1cba282595cad155d841d8222f861e264a857ef956f1d8f3deb63ae92be12737de3e3b89a5c51cbefa544500885127a3429bd7714ec6a89d5
- SSDEEP
  
  24576:sp3ym7jOPcdHAcWohx6n53nD29Zgu/P2Up+L74mBfNUstzo:sp3fHOPHohxC3nD6Zgu/uU
Score

10^/10

formbook m5oe rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2