formbook

General

Target

EDF101602AB8EEBC9642FB56728B45E0F00D9E669DD08FEBB0D4F85D08DBDC5E
Size

509KB
Sample

221123-r2x9vsdb61
MD5

0613cdcd124dbbf1ef1776e9d8a8e3c1
SHA1

422a058adc32e176f3a8cf6d7d605e99d7e477dc
SHA256

edf101602ab8eebc9642fb56728b45e0f00d9e669dd08febb0d4f85d08dbdc5e
SHA512

2a62820cbbb96e849351df77b71ec1e625b23bff34ed3c29a498e15855c6e8c556f843610ece8e12aedc0e7c0bb0ed5c77b66e9b5f0da71de3211a2f5bf1ef15
SSDEEP

12288:evRABUQg4ddmRG947jvpZ4wrCzBAP6ywhISajgr9Dv:evRQJmtv7rryyYije

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

u2t4

Decoy

is0/Kr2pwzJzsQ==

Br+Y1UJXBRwi

3xyPgizUdKz09BsETkl8og==

ze1TAoMAaDPX/7U=

UVOHbw2GAq+PuIWSsQ==

OFq93KpeAiRsF44pjf8c

UjleSFYu2ROPbM8guwc/3jgL5FIc2g==

ow7s/hPgGLjvqwpJxQRltDRE

3OpfZ+axwzJzsQ==

pL9MWhCRBLWPkHMroyxnEnVM

EkLh+4L0Zn/kqj3SzhKGlog=

7WFAPUAKqMzaOaf3h/0jUEsP5FIc2g==

Npp5j75QZShZGHHS0xKGlog=

TzqeenZDdYzTtA==

YZgC6XhkQ/MxdomLwxKGlog=

gZsaHLeQT/1Yl4FYhfAKLV/kkbg=

6jTksbcyDbLMEbkU

RlKKaAnhnksyMwR/mB9umKUWjocoa24=

oDtW4wgWu8cPx93u0AqTK2A7QzRM

JyJyIEb6tH/4mdvroC9pDnIi5FIc2g==

Targets

- Target
  
  VSL_BUNKER INQ(009-010).exe
- Size
  
  724KB
- MD5
  
  a4cb79737cd6958c38b7bba6e414d795
- SHA1
  
  688d24bcf41841ad8d7b9b1b90ec6c5c20dae498
- SHA256
  
  b93895bf25b4802252c954577edfceb1ec4288270bbd04a5aa6226f7c974774a
- SHA512
  
  0a7fd76c1ae2b8ca0974f0589cb1da4a1b8cbcd55d2f84cbd8f59f9f68ab4153b53d1d6394a9d80965c2a27ace3138bf237279be34704308a0315c1ba324b10b
- SSDEEP
  
  12288:Vx8sg+dhSpDh1rAKm4xUXXTXjfRCbYiLMTPcu3d6lM/:AkdU5z+JXTTfRGC3
Score

10^/10

formbook u2t4 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2