formbook

General

Target

639b8c7c6c073dba732b3bf637198ef8
Size

1.1MB
Sample

221128-3qwgnscb43
MD5

639b8c7c6c073dba732b3bf637198ef8
SHA1

678981a9dd87757102383c8179213e4fdb50f981
SHA256

cb51a857dc33e532754e21259545e94dd518baff0783b8dd0623a20621af3a28
SHA512

c6d5ffffe53e6472dfe7cb12380ee2619cc353994ab7aee682ca5b97a7dfc2b7cd0e9d0ea49d38626ed82256bb391860e3ac3ae67b07150a15711a5de8dd75a9
SSDEEP

12288:NQnk3GDYKGcblOOO8veSJJ9F5qhBWX7riHB7BF7M9VVRyF/2gLrQ8H5Z/wwC+r1Q:XAOcZPOeJ9FEeHiT7MdIF/2gzf3hL69p

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

nurs

Decoy

caixinhascomcarinho.com

abinotools.com

oporto-tours.com

iruos.com

yesmamawinebar.com

wwwscu.com

habit2impact.com

antigenresearch.com

ux4space.com

diarypisces.com

cryptopers.com

lovingmoreband.com

beerwars.net

ascariproject.site

livesoccerhd.info

bluestardivingschool.com

pluik.com

snorrky.space

lcoi9.com

phantomxr.com

Targets

- Target
  
  639b8c7c6c073dba732b3bf637198ef8
- Size
  
  1.1MB
- MD5
  
  639b8c7c6c073dba732b3bf637198ef8
- SHA1
  
  678981a9dd87757102383c8179213e4fdb50f981
- SHA256
  
  cb51a857dc33e532754e21259545e94dd518baff0783b8dd0623a20621af3a28
- SHA512
  
  c6d5ffffe53e6472dfe7cb12380ee2619cc353994ab7aee682ca5b97a7dfc2b7cd0e9d0ea49d38626ed82256bb391860e3ac3ae67b07150a15711a5de8dd75a9
- SSDEEP
  
  12288:NQnk3GDYKGcblOOO8veSJJ9F5qhBWX7riHB7BF7M9VVRyF/2gLrQ8H5Z/wwC+r1Q:XAOcZPOeJ9FEeHiT7MdIF/2gzf3hL69p
Score

10^/10

formbook nurs rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2