formbook

General

Target

Purchase Order No. 4502717956.exe
Size

659KB
Sample

221127-g2lkysee85
MD5

56478f00ad85f32b299aa3450f761901
SHA1

8bea35f5c67818749cbcf9a367735fea13c32894
SHA256

77a99df0938f000db363d3f123fed3a7e6c6b9ebce4f9f59d68a277327d15eb4
SHA512

39e02f1355b953926683509b64c889554e390716c170d735837b53299d4afb3654e5e7a1890bd43cd259d7d06fb15b529ffc5380a8cce121f69c45853e7ef177
SSDEEP

12288:H7EIZxD7RP51oQP/ZcrHrEr3MyLWETdDGw3zH+fvmWxsZPbLj:H7ElQP/ZioLWadDGwafvmGcbL

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

snky

Decoy

AiMFvkl6+A4HEgZ99q5x4naN7lGmvJo=

tvj/KUTKeKgxszIemQ==

DTrTokBrjB5leF4=

tPeTOuIjJPtH

taxtMdIygEdpskxzOQ2ZjoAEeA==

CxLuaKAFRrJyuIqQUPbhZw==

Tn4fapT5kPmk1H0gpXQ=

h5p8hDqGSiRzdSbV

i3lg8tbRNRU6jC9pQSOxzHYZgpbnOKBx

EwbfBo6m+UXU2qaVUPbhZw==

WpeenFSMquJ3xXD1/b43

niV5qTFu3tfmcgrI

fqyyyElbdxWswJ7A

Lh7o92ZOr4ghbwvK

Y2RYMDue4x+KszIemQ==

lN3Y3z5AS85eah1MDvfFQQA=

uq+Oqh8MNRxHOOkqA9lqYEZZhJU=

FEtGDeGnnRoSQEM=

TkMlruotvsmtpFwg6shr03LjwMWGow==

7PGx8hNMep8EMj5Q39dsq16IbbaIrA==

Targets

- Target
  
  Purchase Order No. 4502717956.exe
- Size
  
  659KB
- MD5
  
  56478f00ad85f32b299aa3450f761901
- SHA1
  
  8bea35f5c67818749cbcf9a367735fea13c32894
- SHA256
  
  77a99df0938f000db363d3f123fed3a7e6c6b9ebce4f9f59d68a277327d15eb4
- SHA512
  
  39e02f1355b953926683509b64c889554e390716c170d735837b53299d4afb3654e5e7a1890bd43cd259d7d06fb15b529ffc5380a8cce121f69c45853e7ef177
- SSDEEP
  
  12288:H7EIZxD7RP51oQP/ZcrHrEr3MyLWETdDGw3zH+fvmWxsZPbLj:H7ElQP/ZioLWadDGwafvmGcbL
Score

10^/10

formbook snky rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2