formbook

General

Target

Purchase Order No. 4502717956.exe
Size

636KB
Sample

221128-m68tyadf2t
MD5

f0d59737a03d771cef9ac6fee3d09943
SHA1

d517eab4a14ce87a8d0a551ca3d046145e739dd5
SHA256

d1dd1f80a7b08c0b8ee7c3067df3d35dadc6af79b02761ccf70dfcaa53f76cd7
SHA512

318b662f312298d5eb8dd6345ad6c96c58bb8fc818268091646d049414e7df96585eaccbd06220beb635725ca25c15f3b4ab7dae06a354054410cdbeb8beed53
SSDEEP

12288:YTczpbKbfu90F4t72M6/nFo0B+aFo7keY528R+:YgFbKie2x4/kZ7kr

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

snky

Decoy

AiMFvkl6+A4HEgZ99q5x4naN7lGmvJo=

tvj/KUTKeKgxszIemQ==

DTrTokBrjB5leF4=

tPeTOuIjJPtH

taxtMdIygEdpskxzOQ2ZjoAEeA==

CxLuaKAFRrJyuIqQUPbhZw==

Tn4fapT5kPmk1H0gpXQ=

h5p8hDqGSiRzdSbV

i3lg8tbRNRU6jC9pQSOxzHYZgpbnOKBx

EwbfBo6m+UXU2qaVUPbhZw==

WpeenFSMquJ3xXD1/b43

niV5qTFu3tfmcgrI

fqyyyElbdxWswJ7A

Lh7o92ZOr4ghbwvK

Y2RYMDue4x+KszIemQ==

lN3Y3z5AS85eah1MDvfFQQA=

uq+Oqh8MNRxHOOkqA9lqYEZZhJU=

FEtGDeGnnRoSQEM=

TkMlruotvsmtpFwg6shr03LjwMWGow==

7PGx8hNMep8EMj5Q39dsq16IbbaIrA==

Targets

- Target
  
  Purchase Order No. 4502717956.exe
- Size
  
  636KB
- MD5
  
  f0d59737a03d771cef9ac6fee3d09943
- SHA1
  
  d517eab4a14ce87a8d0a551ca3d046145e739dd5
- SHA256
  
  d1dd1f80a7b08c0b8ee7c3067df3d35dadc6af79b02761ccf70dfcaa53f76cd7
- SHA512
  
  318b662f312298d5eb8dd6345ad6c96c58bb8fc818268091646d049414e7df96585eaccbd06220beb635725ca25c15f3b4ab7dae06a354054410cdbeb8beed53
- SSDEEP
  
  12288:YTczpbKbfu90F4t72M6/nFo0B+aFo7keY528R+:YgFbKie2x4/kZ7kr
Score

10^/10

formbook snky rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2