formbook

General

Target

Advice Ref SCA1Sv2.exe
Size

1.0MB
Sample

221128-twddlsgf82
MD5

36cffbbe00ff9dd2a5c813d43dc2749b
SHA1

80a003e052f3cdc9bd10803882c198684bff8574
SHA256

97a6db96fa0467a8cbe068fe3b09b0c03c2be85e2902503464e3af90e4e80af1
SHA512

b417c23df1a8c0fa2860d59d6886230b4648f66eb4ba269cc2514570a0f8b3bbee4cd653b0543ef3b07a02b6c52c657665303add260b6c1093e277a990ba089e
SSDEEP

12288:WU2EIn2uWBQmER9Ai2flfLO/caYVT/XG4Vcfe+y/qv2q7KqRmZ4dUpkD0bxMMJPc:WRWBQLKNkcfvHcfe+y/qvjG7xMMJ1q

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

8ch8

Decoy

EpMcJgRhXLgnbGVS1w==

PT1CWj241lPTuYLqz4cMQug=

iW5zo5XTlCyvPyc0hZ+/Ww==

3TiaoYnZM2R/2Jxzj/YY/wSb

gmIzUUXL9Y9CJH1OhZ+/Ww==

TdhX816H2NfWDDA8zg==

hrO4y8wSaEd20IZmhZ+/Ww==

hpV3JYmIC104sSI=

OO5xgWfn6pzCBp3kOas=

wJJtjXKWWuN0B4D/Zq+h+MJnVA==

cG5OST1xygeTEXTwN+gtU+o=

DEkjtjWwSl04sSI=

4jIoyEKj+0h76T8=

CBgIFRBAneBly2N666Yv0uI=

q7/M5ri8J104sSI=

X3FOWUW6vIeYk2QMLPV/GR/KuJlO71Nn

Pk5Xbmm7K2oM390ILKE=

AJLzkApAgKHYDDA8zg==

Z1BN4jzHtGx8ZiKO2DMnznIiArHLh6E=

1WnEWMU1nd7aSQ==

Targets

- Target
  
  Advice Ref SCA1Sv2.exe
- Size
  
  1.0MB
- MD5
  
  36cffbbe00ff9dd2a5c813d43dc2749b
- SHA1
  
  80a003e052f3cdc9bd10803882c198684bff8574
- SHA256
  
  97a6db96fa0467a8cbe068fe3b09b0c03c2be85e2902503464e3af90e4e80af1
- SHA512
  
  b417c23df1a8c0fa2860d59d6886230b4648f66eb4ba269cc2514570a0f8b3bbee4cd653b0543ef3b07a02b6c52c657665303add260b6c1093e277a990ba089e
- SSDEEP
  
  12288:WU2EIn2uWBQmER9Ai2flfLO/caYVT/XG4Vcfe+y/qv2q7KqRmZ4dUpkD0bxMMJPc:WRWBQLKNkcfvHcfe+y/qvjG7xMMJ1q
Score

10^/10

formbook 8ch8 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2