formbook

General

Target

NHYGUnNN.exe
Size

269KB
Sample

221129-lgna9sfe87
MD5

4f9c8432b57fa1aa875071de547ba947
SHA1

e1cc52fd851621743ba562a65161bfafed8e6b2b
SHA256

9f0d17930a9312b8d8dfb23119b57fed676a1bb15fc1582754ab94201651b221
SHA512

ced221c2e5225a8ead486e52f1c5307b24dbaff8864c7262f2d6f58cad3184753d1f2afe525c3afa122ddcafeab38845dafd2f7a22169bfac026375e7962481d
SSDEEP

6144:RhwendE8+/O+oImP2Qcy7ZwpeA9pg6Cer0K7+UUcT9gxyRClRcOpoik:EAHdP7ZwpeApT0K7+UUQ99RORcOpoR

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

4u5a

Decoy

Y9HWoINcPu0r7SSSKt4FCmk7

G/E64auYdhRQM4wZW2bcOaY=

bL57APty/StRpW49a+EdxA==

TppryJ0SoslHe8gJFVc=

HXxDShYIEcUJDahdv2nvl5Hlbp4=

EKaq5c6w0nV3WWlEqM4Www==

VM+YjE8XS1OLcH1roYF4zA==

OwK0wxmBGnq2Fg==

B1zy4bulyfY9tj9DK2eIkeYArpTt

Avj5JeA8m9girqfQ4+cZxA==

AOY4dmDFkCdX8HUJMw==

5cQUw3pPMYr07V8=

P7ZsN4/zt63AEw==

FYyVCOpB8Vl//kSkDLPo91Yy

jxwZTBp+5gcsccPxDF+K4bDG2Rpp0A==

iGx9AO58DRhZbXX9

prwVyLkAtlhSU6irmansg8wArpTt

uqa8ZPl+FFObOkdFNg==

tL4OhF22EDaEOkdFNg==

6exH76Z9o7eu/n86vgPE

Targets

- Target
  
  NHYGUnNN.exe
- Size
  
  269KB
- MD5
  
  4f9c8432b57fa1aa875071de547ba947
- SHA1
  
  e1cc52fd851621743ba562a65161bfafed8e6b2b
- SHA256
  
  9f0d17930a9312b8d8dfb23119b57fed676a1bb15fc1582754ab94201651b221
- SHA512
  
  ced221c2e5225a8ead486e52f1c5307b24dbaff8864c7262f2d6f58cad3184753d1f2afe525c3afa122ddcafeab38845dafd2f7a22169bfac026375e7962481d
- SSDEEP
  
  6144:RhwendE8+/O+oImP2Qcy7ZwpeA9pg6Cer0K7+UUcT9gxyRClRcOpoik:EAHdP7ZwpeApT0K7+UUQ99RORcOpoR
Score

10^/10

formbook 4u5a rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Blocklisted process makes network request
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Loads dropped DLL

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2