formbook

General

Target

Ziraat Bankasi Swift Mesaji20221129-34221.exe
Size

719KB
Sample

221129-h4c72abd5w
MD5

6a0ff43510923c27b144bf86b5e0a867
SHA1

880c264f12ea2175a81f7030dec9c7043093253f
SHA256

52426e75e25f69d9d7a8121464fe16a213ab48519ae10b2e2fc028ce86794a8b
SHA512

18f0247de11b5d3a7139f8c577560a2987fa706ed0b1eb8f08b01384d320508edbce31ceab050a82a09a97b8892680b3cab3e878bac4a1e7bfaa797ac8595c60
SSDEEP

12288:vX1wDXZCg8FEJLIJWyBgFuPDhd55slqVvsH4B4oks60PoSpK:vFwJpVIJxBnTzsOBI0Poo

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

qmpa

Decoy

IEiN8oqOnNUEkfZd

LWyAr1P5PHPV

tMGP9gYCIc9DKQ==

fWi2stCh2E3DBWuEK612

B3LCCi2JvPxfNA==

NjLnNjX+DDWt/VuEK612

AvK5/JdMDLztPRg=

U+zn2FswDLztPRg=

3bRIXGwsIc9DKQ==

EXmAoj3/7Cyl+VuEK612

1gkKPklP1odxx7c/Zm+L6HeV4g==

1cMaHDg0ypV0vbT2Ibh+/5Cj5xmAVxA=

MSyBdIV+6nFRloTQAwmFklQ=

qilszGJvhMUsHgaUx/MNSKuo6A==

WYKLwmYEij4q2Hy6sOc=

sjII/IyFmORBFPJ2dVjpG0Q=

mTjzaRwZ9OsEkfZd

iL27vFhbX5ECbBIJxvJKbPHFf9M=

5A5Xr0D5PHPV

IpxsaTO4a1/I

Targets

- Target
  
  Ziraat Bankasi Swift Mesaji20221129-34221.exe
- Size
  
  719KB
- MD5
  
  6a0ff43510923c27b144bf86b5e0a867
- SHA1
  
  880c264f12ea2175a81f7030dec9c7043093253f
- SHA256
  
  52426e75e25f69d9d7a8121464fe16a213ab48519ae10b2e2fc028ce86794a8b
- SHA512
  
  18f0247de11b5d3a7139f8c577560a2987fa706ed0b1eb8f08b01384d320508edbce31ceab050a82a09a97b8892680b3cab3e878bac4a1e7bfaa797ac8595c60
- SSDEEP
  
  12288:vX1wDXZCg8FEJLIJWyBgFuPDhd55slqVvsH4B4oks60PoSpK:vFwJpVIJxBnTzsOBI0Poo
Score

10^/10

formbook qmpa rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2