formbook | 5eab382b9338d93188634d7f10e192a9fe644753910f4a65c483ba76d440f133 | Triage

Sharing

General

Target

36858bb18574315047429775c5bdca18
Size

1.0MB
Sample

221128-3n8zzsca45
MD5

36858bb18574315047429775c5bdca18
SHA1

ebb242dcb189f0501f2631324af21eca9b7094a1
SHA256

5eab382b9338d93188634d7f10e192a9fe644753910f4a65c483ba76d440f133
SHA512

9d12738740fe779850a64c3e987eec32e105d7d464d9bdabe2fb124417d2fdbc955eb841b8161efdccb7fb1c66d58b1a56feca50699990499a6e77d12a0f4e8d
SSDEEP

12288:aSZIKqGtTfNuvWUYVoMkta4rHAnaNNZit1MU2adY+IcL1Nz0M4J7jl9Qg:acIEfNNUYVoMq1gaNnI4aV1yM4JrJ

Score

10^/10

formbook pgnt rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

pgnt

Decoy

0WG18LbM4lR9iqMRa4nlBzTb

jcfGYzPgZTqFZVO9FV2yIw==

laIfrdSC8/4CNg==

Q73ilev5GIWuOrAAFV2yIw==

Q2u/pMw7pv4sPA==

TbqvIUHwlQscPo0HFV2yIw==

8PNWfGPyE8n0IQ==

WtgROxXzvY2L

PryaRBNjm4eP

Y9Hdi06Cry1um9Sj68YAu1o=

3Gulyp7CMQtR78jvLkk=

JJ3GasTVTCRQT6Tfz6S6GlI=

RnS42bhb9tI0R6UpD6wOxriNxw==

he1mi2sOGfzTRGHnuA==

eaYjCtjxVjdU5XLRtBMBLKk9quA=

k9rTeEqYzzw8WaTfz6S6GlI=

5luVQwe2vJWKEAiMdF4=

MGW14L9OVk5Y5TaR6w/DqdhYxXVY

mAsYz6k6sQkDC0/DoHj9t1RPWLSgFQ==

y5klhuMbE8n0IQ==

Targets

- Target
  
  36858bb18574315047429775c5bdca18
- Size
  
  1.0MB
- MD5
  
  36858bb18574315047429775c5bdca18
- SHA1
  
  ebb242dcb189f0501f2631324af21eca9b7094a1
- SHA256
  
  5eab382b9338d93188634d7f10e192a9fe644753910f4a65c483ba76d440f133
- SHA512
  
  9d12738740fe779850a64c3e987eec32e105d7d464d9bdabe2fb124417d2fdbc955eb841b8161efdccb7fb1c66d58b1a56feca50699990499a6e77d12a0f4e8d
- SSDEEP
  
  12288:aSZIKqGtTfNuvWUYVoMkta4rHAnaNNZit1MU2adY+IcL1Nz0M4J7jl9Qg:acIEfNNUYVoMq1gaNnI4aV1yM4JrJ
Score

10^/10

formbook pgnt rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookpgntratspywarestealertrojan

behavioral2

formbookpgntratspywarestealertrojan