formbook

General

Target

4_6048434599929842876.js
Size

9KB
Sample

221124-byys8aaa97
MD5

f0d8c4e88c78cb534e1bf4df33cd0edf
SHA1

56e576823ce200a5d079b245cec26c4e1af71b4b
SHA256

392d3c413e8ea60cd0c8ec8876f0ff381aac710dce9ccb7f0f3432117582ee89
SHA512

25601825fd6b756aa65f84ab3bbf7f9ed3b953ea77d26b36fbeb91979c3d8abd0f655a9ace4f0510073a890c1fada5bd147a71bca6a563aa01c1dd66d1150082
SSDEEP

192:gRwZrQjrWzVD3CxZRfVjl/yzrPKs3RuHLKyJW7X1Kz5uMYICz5uaYzZ46Qz5IaYr:vZQjrWo3/ySa42yYFNaxSr+uai01z7U0

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

a3c0

Decoy

sQND4WdTOlkFZlIDVHk3N6w=

q+EQwUVJu0rqKMvucOA=

nf4X7hV5HnoX

D2GdxSupGqxnbntNXXJp+w==

KoafL5HWwP+dkIBzBGFB5g==

1xVJ44BmoRm3DNlzGHJX

UYqmwE2sg4Vs5dM=

Jo62P3tOy75tHQ==

/GeWSaKPP50rCg==

PZnUga+I0irSgi0Mieg=

Qq3jB6ADzvuvtjaTC2zo8w==

/EuBFH8FGV4K

X77vcuHgVNFutJyPCWj00bya

8G2Ond0wiP7wr1q4

FHaWv/JCjt7Im5NFHnNf

FG2UQcq8nnlv1c4=

WaW7Fh1B8o01AA==

B0prj62IYqtFLyEECFgQ1JKD

LYeyy+6iB2sV

zxVH23VoYL1fYBiGVL62CvZe0A==

Targets

- Target
  
  4_6048434599929842876.js
- Size
  
  9KB
- MD5
  
  f0d8c4e88c78cb534e1bf4df33cd0edf
- SHA1
  
  56e576823ce200a5d079b245cec26c4e1af71b4b
- SHA256
  
  392d3c413e8ea60cd0c8ec8876f0ff381aac710dce9ccb7f0f3432117582ee89
- SHA512
  
  25601825fd6b756aa65f84ab3bbf7f9ed3b953ea77d26b36fbeb91979c3d8abd0f655a9ace4f0510073a890c1fada5bd147a71bca6a563aa01c1dd66d1150082
- SSDEEP
  
  192:gRwZrQjrWzVD3CxZRfVjl/yzrPKs3RuHLKyJW7X1Kz5uMYICz5uaYzZ46Qz5IaYr:vZQjrWo3/ySa42yYFNaxSr+uai01z7U0
Score

10^/10

formbook a3c0 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2