formbook

General

Target

11-29-22.exe
Size

121KB
Sample

221129-lbbehsfb23
MD5

e906026bef372da3ac8618be9c0a1787
SHA1

d98429fcff9d667e116c8b99469070e7bdb0de59
SHA256

d13d078e3ca43adb581966a669f056116b1aaee681d1b6c026f0b6f4bb606324
SHA512

403de6adc801b3f460967f0b0d63003647265be67cc0336aeb60a1c31cdbed00199eb43c8bed489c777299db36f88f785b99e29bf15b4f3615bd907b3431f4cb
SSDEEP

3072:VEvf9OEud7hY72rOAOkGt6+duWA/t/SHUebbxCbGgKk12qk/In/87gUHCzQgtn9x:u9OnGZwLf8

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fs44

Decoy

whneat.com

jljcw.net

pocodelivery.com

outofplacezine.com

yavuzcansigorta.com

xinhewood-cn.com

cartogogh.com

5avis.com

joyceyong.art

digitalsurf.community

blackcreekbarns.com

magazinedistribuidor.com

sportsgross.com

drevom.online

mayibeofservice.com

gareloi-digit.com

permitha.net

renaissanceestetica.com

facts-r-friends.com

dach-loc.com

Targets

- Target
  
  11-29-22.exe
- Size
  
  121KB
- MD5
  
  e906026bef372da3ac8618be9c0a1787
- SHA1
  
  d98429fcff9d667e116c8b99469070e7bdb0de59
- SHA256
  
  d13d078e3ca43adb581966a669f056116b1aaee681d1b6c026f0b6f4bb606324
- SHA512
  
  403de6adc801b3f460967f0b0d63003647265be67cc0336aeb60a1c31cdbed00199eb43c8bed489c777299db36f88f785b99e29bf15b4f3615bd907b3431f4cb
- SSDEEP
  
  3072:VEvf9OEud7hY72rOAOkGt6+duWA/t/SHUebbxCbGgKk12qk/In/87gUHCzQgtn9x:u9OnGZwLf8
Score

10^/10

formbook fs44 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2