formbook | 987834ddf97f12dbb06e1f6820fd3436f0226dffa78ac6fcec8b31cc52fdb26b | Triage

Sharing

General

Target

SecuriteInfo.com.BackDoor.SpyBotNET.25.21875.15886.exe
Size

643KB
Sample

221128-zapgmshh31
MD5

fcd6f1cc2f300673b3940b9623f4267f
SHA1

d8f8e1b07996ba6d8d3f482c2ab710853ee91f8b
SHA256

987834ddf97f12dbb06e1f6820fd3436f0226dffa78ac6fcec8b31cc52fdb26b
SHA512

d31c8238e17de73f352e6a7bb62449e7de951b6d5a9e3cc7ebb47403c1b22ffa8e504a979f915fa28f25d3bdf6be7471f72d19d57567a86ff79892a77c094c50
SSDEEP

12288:dec3pbKbflZUMvkEN2KMK+SknwYDZD5BUUEwcfJZSpH+:d1ZbKbUM7MKJYVEEbp

Score

10^/10

formbook q4k5 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

q4k5

Decoy

ZXN4RZ1db9JIzC7mhQ==

5+KpXZWys/DewpGQbChh6uPT5SNzFQ==

A8YuEKESXrzBhw==

uYH/9+Amwe1ZMkaR

KAusoWlA4I1Rt0P0jA==

AgIBy9IHiq8cdo4h47hB

PsX/0DrQRr+0hQ==

3z4v9UwXBjNTf48h47hB

bySPUkT+SFuT

VsQK5NkDks06l5z+TUG3eetd/twx2Mcjlg==

3+DcnQWuXG84sOphj5LEHIv/hA==

TOZXSDkjSHDoLk/pl2HYpOXJ

q7GGZ9KJrss/oTNwyxI=

2+O/k7y22Qo=

Joatk/qnSoO3q48h47hB

KT1UQcQ9yxWFQzCI

onRBEIHmYIl9XzhAIMtPLFAh5SNzFQ==

a8IY/+/oCDOj2TuM4Ohc

UlIOzyniF1sRnTNwyxI=

8UJiR6gijbvt+exXo7oCvdNV4BE=

Targets

- Target
  
  SecuriteInfo.com.BackDoor.SpyBotNET.25.21875.15886.exe
- Size
  
  643KB
- MD5
  
  fcd6f1cc2f300673b3940b9623f4267f
- SHA1
  
  d8f8e1b07996ba6d8d3f482c2ab710853ee91f8b
- SHA256
  
  987834ddf97f12dbb06e1f6820fd3436f0226dffa78ac6fcec8b31cc52fdb26b
- SHA512
  
  d31c8238e17de73f352e6a7bb62449e7de951b6d5a9e3cc7ebb47403c1b22ffa8e504a979f915fa28f25d3bdf6be7471f72d19d57567a86ff79892a77c094c50
- SSDEEP
  
  12288:dec3pbKbflZUMvkEN2KMK+SknwYDZD5BUUEwcfJZSpH+:d1ZbKbUM7MKJYVEEbp
Score

10^/10

formbook q4k5 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookq4k5ratspywarestealertrojan

behavioral2

formbookq4k5ratspywarestealertrojan