formbook

General

Target

Inquiry for Sincola Machinery Co.,Ltd.js
Size

9KB
Sample

221123-rq95aacc8s
MD5

a68eba24491346cf7c631847bc7cc3f3
SHA1

53fa80c29e51aefdfb28c1613185b9e024970d55
SHA256

a4ab80049941f79e310e791e0f26108f9c5105ebef9731c9942074f395324d75
SHA512

dba9333613f3c10fb0111e766b90c5334fc36ad8faa0d987b83f9be246aa134642d472ba6142a6dec83d62a94610f9f68fed9777825809d000272a2d2b79d54d
SSDEEP

192:g0vh7Qc0FMeu/pHnep/puk7vo4fcf1J08wVLheo4FbLlhssH1UPkOcX9tXZWwcZ4:gadr0yeu/pHnep/puk7g4Ef12VjSLbpD

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

tpd2

Decoy

P83Fr0F3A2KiI+cW

Pp1caIMEnr/EFk6Eu415Y1M=

O5eVsiutrsnUK6kDF6El

wxvn/yutO1JimCRM5HI=

F+ahRJCkyfI4Xwoe

ozU8V7MKMIba4U98/3w=

b4GDF1u0P2p62t1Ka3o=

KomBjwSImCdhtq7eMmQ=

1zqJLbw2x46Z8Q==

lal5nLUpt9Fjqeo=

yifkCkmeS5Of5dXwSWlkCIsXZA==

fK2zUmVxp/I6q91Ka3o=

MQa3V3RrSpKT

TzYGjdgculPW3Qs+6XM=

dVgMubs7KzuD6A==

CSAuug6iPk1Wn5K/8lQ9mQ==

hBOyTXIs6TuX612tLW0=

onmqz912c5So4uYW

zLHGWnnDYrHrLixltY15Y1M=

9wcJlsgDO4rnN2F+tY15Y1M=

Targets

- Target
  
  Inquiry for Sincola Machinery Co.,Ltd.js
- Size
  
  9KB
- MD5
  
  a68eba24491346cf7c631847bc7cc3f3
- SHA1
  
  53fa80c29e51aefdfb28c1613185b9e024970d55
- SHA256
  
  a4ab80049941f79e310e791e0f26108f9c5105ebef9731c9942074f395324d75
- SHA512
  
  dba9333613f3c10fb0111e766b90c5334fc36ad8faa0d987b83f9be246aa134642d472ba6142a6dec83d62a94610f9f68fed9777825809d000272a2d2b79d54d
- SSDEEP
  
  192:g0vh7Qc0FMeu/pHnep/puk7vo4fcf1J08wVLheo4FbLlhssH1UPkOcX9tXZWwcZ4:gadr0yeu/pHnep/puk7g4Ef12VjSLbpD
Score

10^/10

formbook tpd2 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2