formbook

General

Target

6F784F69CB7FE8239144D952198851CBC46B0BAC48513072E413E4791C249148
Size

1.2MB
Sample

221123-r2xnbsdb6y
MD5

dcf2602d8182e13dc263075a963bca8c
SHA1

26aa51fc99917ba9a6cfd99b3006c1f41c382ac9
SHA256

6f784f69cb7fe8239144d952198851cbc46b0bac48513072e413e4791c249148
SHA512

98d810be246ed0850491c735aa69f00e75cd3bd79bcde96763029f4ce529f404dd79f7b6b20328d0843f9ae231690dcf744f6442bf33706bf0eb6da177093d8b
SSDEEP

12288:7Bl33Hu46VjIJkzn7tHTN6UWMWttsvWDbE07kyLL1XXMQ+/:f33Hutt7tHVzWttwCoyLJnM

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

k056

Decoy

fwbv3hvmOvGJor0SucbYaw==

dPS1J/7EnO4HLGyEK5g=

SS8JAOFiuSVV6RZGJu77OFMhqZy8/g==

qq8P4T2vCHpTdSA=

YizYxj1vCWea

zFIWvC5zIW6XLXQJ

WkgqG/ZIoXokDRDoi/wx

pRgEcnl0gEcoNQ==

N7iI3zC+J7gMvg7oeAom

ZiseluxvCWea

XSIHe8wWI5sJaxUB

sqmJ99OuerfC8Nozz0houOdEZA==

YRPg1zbyXUYITBexxg==

GpqSCm+yx167hr2NP8nsU0+zCJCV

hjLrRIUglTKaN9xvFpo=

57GuN9LOsxZgHXYJ

xbnEpvDEOz58fzc=

nEgC9VlfIhb0TBexxg==

62s9soaDaIuoQqoTucbYaw==

59TSNYLGzlOfUas7CYqjKx19W4Kd9g==

Targets

- Target
  
  FSO31092.EXE
- Size
  
  511KB
- MD5
  
  a35b2b622c8cf61de54ad8273aca8d12
- SHA1
  
  3d7ab379db1ebb329c96f1b7f9aafd3f23172f20
- SHA256
  
  03dad90bfcdbb7273d9ec8970c3c3467600822b8244dab5cb8dbb2b2c5f389e6
- SHA512
  
  2cccef663cce06d8b5e304c76af40bd45c81c34354aba9a96d7b55c7cf96fbed32eafb207176b91c8bd1b3929a5015e7ea9211e06acaa7e449f71fc5b542cdda
- SSDEEP
  
  12288:UBl33Hu46VjIJkzn7tHTN6UWMWttsvWDbE07kyLL1XXMQ+/:u33Hutt7tHVzWttwCoyLJnM
Score

10^/10

formbook k056 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2