formbook | 502751e0b4a8acff074def25e8bf46495cc258100652ae11194aea84b5278fcf | Triage

Sharing

General

Target

formbook4.zip
Size

662KB
Sample

221129-kgxn9sfe8t
MD5

ef9f3e83b8d647bbf40f768846bc8c85
SHA1

0825637ee21c4b341849ebd18c8910f68264762c
SHA256

502751e0b4a8acff074def25e8bf46495cc258100652ae11194aea84b5278fcf
SHA512

ca30a5b1aaa76cb8b69bf13cb4e46ad6643b2e6faed5588060c8767e3a2c2d09469e878227a378682e803e6b10423b1bf4c54c875972dcf86160565c532ef340
SSDEEP

12288:FQHF1e57vZhFxafu3I19z7t8RXIvFuCFhQ/DcFNzJMiD4EMs6:0WPku3Iqs5rQ/DUbCs6

Score

10^/10

formbook 5pdf rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

5pdf

Decoy

cnoOEQHsI9ejYIEif1HquIlIogYo8Ow=

+pAzTzDtpZpp

djD/KBrcDAYQyOGt+Us+fA==

EJM2X0tTvNKodx36

86lMWj8hSQvtqtamtDE6kbKCy3c=

/ywYVB9fxjhRAg==

0OZ0eaYoArZ0

Kl0MifS5n1TXmIQBZLE=

2eN+GpZbBAJDAg==

E8OdZbo7E5cuJgSu2JNUfg==

wXQeNSUaXiXts3xLPw==

PzLRe+HePPeJJB8PJw==

BPaaT7LANzqtcROc+Us+fA==

/vB5AHAzcWtvN1TtGCkZ2L47OjGmU8RrWQ==

gwSl0rcfM/O7hCE=

NrtIzTsH96xB8a3HBhbfMkCs

bxu1vLuDaipA5w0OVuBc8Mw=

2IRJAE05bSVR4Oj7UeBc8Mw=

kQuq4sSpB/7gs3xLPw==

iqhd2Ea725sBlSE=

Targets

- Target
  
  formbook4.exe
- Size
  
  1.0MB
- MD5
  
  e434c99075bb1cc365706ac25bc1c53a
- SHA1
  
  4cbc665703ef6c5eb46608aa5b8fef42c6afe6f5
- SHA256
  
  f50fd444e689593c2b29b62961986f31fe2b61f28850d23680aab7671add1365
- SHA512
  
  a6de56271d64f1ec3c4049faaeb99b7822f22b0acb6716a5ac52f7726d6278724d3110361cf13b63d441af01c3668dcde727a3ba322af17e00b33b0b0abb4610
- SSDEEP
  
  24576:bpxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxNuss8gPkS3k:23cj+/ZEFdj
Score

10^/10

formbook 5pdf rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbook5pdfratspywarestealertrojan

behavioral2

formbook5pdfratspywarestealertrojan