formbook

General

Target

NEW PURCHASE ORDER_PDF.exe
Size

694KB
Sample

221128-l6smaaah5w
MD5

cd2b13a269e4c6a8838a2fc606569368
SHA1

afcabd48a8d7ae1fa1087c352b4c4418a40096da
SHA256

4fe14578d232d798a8aa4564ac8721be8d05b85ea32e7a85f97de0f34abcff7e
SHA512

c41a582d09e07b2a8004622892ceaa378965f03163d1a6a26551ee7df19af055d0eb78b2b77dad484ca2d266a6ac7162b0c75852d056ebe27734d69e1fdba11b
SSDEEP

6144:7Bn1pkNz07AFqV5/kcbVJloA/NpZbFjOKMvMi7su/zmXF874Ns:P5/bZJTpiKMkKsunES

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

54ut

Decoy

1DeiXmzDLw+mW17NwLBXpXM=

Nouf/qArBV5GAPfIhxWPkDFrVQ==

9OCYganx4VaCX1EY/sUSfRDLx6s=

xh8rlilJ/SGckKI=

HGyA64YZyhUs3jvzno2F

yx7/XhxTuRiTcnLKrrOOXTrpW60=

ZYI6IbtcBFx+OpnLU0nXmw==

MhgenS1xYWYThQgS+A==

s0ada4bHHvtWWbYb

2/4IbaW+Ljsy6Ujzno2F

Z5WdKMj5YLgpH0ypdTEcLe2W/lf7j6Io

xXTmzNjzpvUMwTAHwYv2kw==

kcbnSAS0pkV2G1fXsFktVxiXmLTktXY=

PU0V5f0rnqjEhQgS+A==

Z8aNX4Sm/dbGhQgS+A==

s4bq4W4D4UJdYqqvU0nXmw==

a56Z6W0Asvwh3jzzno2F

Qmhm+fY3o6bEhQgS+A==

WIFCKZ/ZO+dCwTAHwYv2kw==

Nqjne5GxXbzY1f3Qp2rBkDFrVQ==

Targets

- Target
  
  NEW PURCHASE ORDER_PDF.exe
- Size
  
  694KB
- MD5
  
  cd2b13a269e4c6a8838a2fc606569368
- SHA1
  
  afcabd48a8d7ae1fa1087c352b4c4418a40096da
- SHA256
  
  4fe14578d232d798a8aa4564ac8721be8d05b85ea32e7a85f97de0f34abcff7e
- SHA512
  
  c41a582d09e07b2a8004622892ceaa378965f03163d1a6a26551ee7df19af055d0eb78b2b77dad484ca2d266a6ac7162b0c75852d056ebe27734d69e1fdba11b
- SSDEEP
  
  6144:7Bn1pkNz07AFqV5/kcbVJloA/NpZbFjOKMvMi7su/zmXF874Ns:P5/bZJTpiKMkKsunES
Score

10^/10

formbook 54ut rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2