formbook

General

Target

output(1)(1).js
Size

9KB
Sample

221128-j55jcahb89
MD5

457ddfc8f22d62496b18842824d69fe1
SHA1

7dbcf4a549128f0a108a40057c1b4a1c34a1023d
SHA256

b1a7f40f3e1a87d3db5daa508219e315d1d6ce77d772a7256eaa16d880359a90
SHA512

ae5c5176e164d5610c37a2950310b13735de175d0976809f4fa4fe4bf1bd19d87d4f5aa0ca453afe57512848cea80fe6432274c68da39a559e451a66d1d036ee
SSDEEP

192:ZblVH3Ye8iGlyi5K3hAwhB7VBOHwI+0eM1gr2JhEKyhOhr7kGLgIY9NhAAbmx:ZbciGlygwhBDOQI+EWwSLhOhX7gIY9N8

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

tu7g

Decoy

fbbktzFKN8MB1h8=

FPidEXGfkl0WqgXoVhHehw==

iHEjIL7XwJdpN6Er4Evhu03o

fHQTMsjqD3cPpQ==

VDXmCsr22oYhshz/Fg305nF21Q==

j4ZHfk5rRf6tVtwbMRU=

AORqAXKWy4R+//VwFdB6VVk=

9PW0Yw9RkIfer5+/bum7nlxwy1QfDQ==

ZU8mUjRgSOn3d0eFD3puQgVpnaAj

nlHgT2aJaMMB1h8=

+qc6XcgwdjVsEgKQ2zT+

/gCHJbBZrWjx1OZN40Hhu03o

48dX+WeLWAjFZMR2lItP8bJ87X4=

+N6H9VVzix7uogI=

Jf/NAPQe+8we7uftVhHehw==

YmANk8T+ix7uogI=

GTKxpLAYsJTl

pT8FM/QacYAV/+VInxn0

8JAnF9PnyZA29xH3Iw==

8ZdFPhCvGxYBxRCTqtB6VVk=

Targets

- Target
  
  output(1)(1).js
- Size
  
  9KB
- MD5
  
  457ddfc8f22d62496b18842824d69fe1
- SHA1
  
  7dbcf4a549128f0a108a40057c1b4a1c34a1023d
- SHA256
  
  b1a7f40f3e1a87d3db5daa508219e315d1d6ce77d772a7256eaa16d880359a90
- SHA512
  
  ae5c5176e164d5610c37a2950310b13735de175d0976809f4fa4fe4bf1bd19d87d4f5aa0ca453afe57512848cea80fe6432274c68da39a559e451a66d1d036ee
- SSDEEP
  
  192:ZblVH3Ye8iGlyi5K3hAwhB7VBOHwI+0eM1gr2JhEKyhOhr7kGLgIY9NhAAbmx:ZbciGlygwhBDOQI+EWwSLhOhX7gIY9N8
Score

10^/10

formbook tu7g rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2