formbook

General

Target

REF344266679.rar
Size

521KB
Sample

221125-hm3rcshc63
MD5

d15b1940acdbe9463e6f7ad027bbb208
SHA1

b79dd4b6a82db6d407809051272aba490bccc9bc
SHA256

02a8883d9ab27440dcfadece3b732e4e9147f8450ef1256e55d6c5b62c7d69c5
SHA512

8164d613067daf038b3d274e1c4786d3b040e3dbd5bd7b0f4f483d3a29cc098c34b726096c97f94938618d6b0e9ad0630d3f44eac20bf9c5b536c0c177cd42ef
SSDEEP

12288:RrV+AofRmWNajEASfbf3m8SRTH/JgkXEjJljT4w:gfOtS7m8SRTfauEljR

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

bmr1

Decoy

q05YNsJC4MpYLGAf4A==

6KUzKCvwX0fwzrFQXvlucw==

KA4ZibW1w+hWN5Q=

TfgNq18tIWtsM7h+DexncQ==

zspNqjUKBdJVHTkiMMXJYeF7G53bVvMPoA==

hopQr+b8KzPIbMWvw0Yxir6cyw==

2thmt+17FR/MVsakbM/+w3xGOhopJw==

5gO5gfA6jwna/4FNSPqrvvHyr2A=

kqtr0wr9KaOXVMyDDexncQ==

PNldyz0Boa5cLGAf4A==

Gysor7fqabd0UzTwWp3Zir6cyw==

pMRgV18gtLorB21prX4=

ukpf+vu2u+hWN5Q=

pcS/rO+KmPMj69G9cMHnoSEm59cbIQ==

4fWGzv347bFNDYJeeIHKG5co

WXlRyM2Yn+4Ab1EgRAFHWdGDCzf1

ZPoM+2U1cwMzteOBsHY=

o8jQoNron4sT3A/KomE=

7QX8tTpv/A+YKw==

wFvmV8SY/A+YKw==

Targets

- Target
  
  9YPS0Z3E3FXg0EB.exe
- Size
  
  690KB
- MD5
  
  c697ea68b7fbd24afb372ca479d48031
- SHA1
  
  aa26ceae317672587df112a62771d46a03fdf8c1
- SHA256
  
  69aa2e3cac902f024d6bb90201fc3703bc8c0501a2c7885b56ac4767e5f41c3c
- SHA512
  
  84e787006ac0698034ae1d8e6e0ea2b2e71f5ccb20fe0fddc27522c7c0a2a943e228b90e0a9c28e9cb59d26bcee4589efbce5d1922ef60260ec8d6309ae3a988
- SSDEEP
  
  12288:UcYA6GhOWYx/M+4ZUO5GVr/CSh8oJFKNIayQofjSCYmZJbxpDF:vYpKN5qrKI8o/3aI+CY
Score

10^/10

formbook bmr1 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2