formbook

General

Target

tmp
Size

696KB
Sample

221126-pg5gbsfe31
MD5

07205206a527ceb42ff33e18897d3b01
SHA1

abe1605c002d6fea1f1cc3d18003e21d8e1ead84
SHA256

df240dd59b12cc79fd1afcbae82d36ba57cff186f18991a69fd42d1ef4639208
SHA512

9f8046acfcf5f680055e7dc92e96353a42934ed73e8278d7ad8d55821e2107df84759bb4cde3b7f9e89aa0f2c0a774ef0219dcdccec92c9baffd2925d19b8652
SSDEEP

12288:iONJgh/PsZ1DX/VDJ3YM16h7MeQhlELG2NKPh6M5RC7:i+Jgh/PWn7oG2UoM5K

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

8hj6

Decoy

BPkphuLe3gBqfzJH1ZS0lzbRYw==

AMTxHcVHvLNwyogVF8SBkayHurU=

LOpN3n9Pjs2UI+oi1TMRyKqm1zr7Wg==

JDMgT/Us5w/NixQ=

MPSFlLYAFB3z

WeAEPsYnuT4RqJgSAw==

Cc9tepEFmnhatTrwHgQbNHQ=

iCGVsr8Lk3gUwXgo

+YX0IkWtcWZX445/IabQ

dFLJMtQdnup8p2CMDw==

TQ/GAhh5CP3nUMd/IabQ

g1OUvdLuvC4imZZbVQXxyGML

FRedytsqrpCA+9wIZeeMmayHurU=

k5OZ54nDlIIUwXgo

GCU1ZPY+TeKX9582

KvKuwGN8c9vk

o2mQnTrCiPq9omMhmTs=

SQ9FZuwk+GJXWA==

r03GDqMLl/PfqJgSAw==

2tPB6oKzhZBJmlhnzZUMHGk=

Targets

- Target
  
  tmp
- Size
  
  696KB
- MD5
  
  07205206a527ceb42ff33e18897d3b01
- SHA1
  
  abe1605c002d6fea1f1cc3d18003e21d8e1ead84
- SHA256
  
  df240dd59b12cc79fd1afcbae82d36ba57cff186f18991a69fd42d1ef4639208
- SHA512
  
  9f8046acfcf5f680055e7dc92e96353a42934ed73e8278d7ad8d55821e2107df84759bb4cde3b7f9e89aa0f2c0a774ef0219dcdccec92c9baffd2925d19b8652
- SSDEEP
  
  12288:iONJgh/PsZ1DX/VDJ3YM16h7MeQhlELG2NKPh6M5RC7:i+Jgh/PWn7oG2UoM5K
Score

10^/10

formbook 8hj6 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2