formbook

General

Target

MCS-DECEMBER ORDER-PROJECT PDF.exe
Size

1022KB
Sample

221125-snfy4afg37
MD5

4eadf0e3ae844d2373c7fd8e101dfc57
SHA1

637e2495fa2d0e3664e0d10f3440572a5cea61f6
SHA256

f93b6e5f1a11efa6dbf05ab7b4bfa26247bfcc7b467aba7de2fab6267de11623
SHA512

6c2241ef9a45e0a7aaf043075898ce1bd331b9b41dd09211c56c0de9729e4919de76d62326363fb948a931bb72a96e97d83459eeb5cfbf859b59f1f6753bd128
SSDEEP

24576:P5/KwaPGlttTfekpsPBQSBFpSiLl8scS6R:PJOGzJffpuBByiLuso

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

54ut

Decoy

1DeiXmzDLw+mW17NwLBXpXM=

Nouf/qArBV5GAPfIhxWPkDFrVQ==

9OCYganx4VaCX1EY/sUSfRDLx6s=

xh8rlilJ/SGckKI=

HGyA64YZyhUs3jvzno2F

yx7/XhxTuRiTcnLKrrOOXTrpW60=

ZYI6IbtcBFx+OpnLU0nXmw==

MhgenS1xYWYThQgS+A==

s0ada4bHHvtWWbYb

2/4IbaW+Ljsy6Ujzno2F

Z5WdKMj5YLgpH0ypdTEcLe2W/lf7j6Io

xXTmzNjzpvUMwTAHwYv2kw==

kcbnSAS0pkV2G1fXsFktVxiXmLTktXY=

PU0V5f0rnqjEhQgS+A==

Z8aNX4Sm/dbGhQgS+A==

s4bq4W4D4UJdYqqvU0nXmw==

a56Z6W0Asvwh3jzzno2F

Qmhm+fY3o6bEhQgS+A==

WIFCKZ/ZO+dCwTAHwYv2kw==

Nqjne5GxXbzY1f3Qp2rBkDFrVQ==

Targets

- Target
  
  MCS-DECEMBER ORDER-PROJECT PDF.exe
- Size
  
  1022KB
- MD5
  
  4eadf0e3ae844d2373c7fd8e101dfc57
- SHA1
  
  637e2495fa2d0e3664e0d10f3440572a5cea61f6
- SHA256
  
  f93b6e5f1a11efa6dbf05ab7b4bfa26247bfcc7b467aba7de2fab6267de11623
- SHA512
  
  6c2241ef9a45e0a7aaf043075898ce1bd331b9b41dd09211c56c0de9729e4919de76d62326363fb948a931bb72a96e97d83459eeb5cfbf859b59f1f6753bd128
- SSDEEP
  
  24576:P5/KwaPGlttTfekpsPBQSBFpSiLl8scS6R:PJOGzJffpuBByiLuso
Score

10^/10

formbook 54ut rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2