formbook | 02b628dcbfaa0cad2ccde62b1cfb16425a8d40b4cad9de200569ce1b84981612 | Triage

Sharing

General

Target

SecuriteInfo.com.Win32.CrypterX-gen.24274.13707.exe
Size

885KB
Sample

221129-p2b1hsaf25
MD5

630ffd21c1de8a583a4e1627b8ac6534
SHA1

7cdb7d33a07326fa3b2699bb7308889a0920541a
SHA256

02b628dcbfaa0cad2ccde62b1cfb16425a8d40b4cad9de200569ce1b84981612
SHA512

9ee857113df144f0fed19c1c831cf4731b866e8b5a92417b11c445d2cb9a374c430a6c2fc4a7318bd01a0fdc756132d7f4895f0798a3fdf194ac3b223f10cd68
SSDEEP

24576:hIVD2ISXOaDU11ecODssqm/6rw5Roa/W9DdEPf:ha2RXOKcLsq46s5RoafP

Score

10^/10

formbook f9r5 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

f9r5

Decoy

teknotimur.com

zuliboo.com

remmingtoncampbell.com

vehicletitleloansphoenix.com

sen-computer.com

98731.biz

shelikesblu.com

canis-totem.com

metaversemedianetwork.com

adsdu.com

vanishmediasystems.com

astewaykebede.com

wszhongxue.com

gacha-animator-free.com

papatyadekorasyon.com

mqc168.top

simplebrilliantsolutions.com

jubileehawkesprairie.com

ridflab.com

conboysfilm.com

Targets

- Target
  
  SecuriteInfo.com.Win32.CrypterX-gen.24274.13707.exe
- Size
  
  885KB
- MD5
  
  630ffd21c1de8a583a4e1627b8ac6534
- SHA1
  
  7cdb7d33a07326fa3b2699bb7308889a0920541a
- SHA256
  
  02b628dcbfaa0cad2ccde62b1cfb16425a8d40b4cad9de200569ce1b84981612
- SHA512
  
  9ee857113df144f0fed19c1c831cf4731b866e8b5a92417b11c445d2cb9a374c430a6c2fc4a7318bd01a0fdc756132d7f4895f0798a3fdf194ac3b223f10cd68
- SSDEEP
  
  24576:hIVD2ISXOaDU11ecODssqm/6rw5Roa/W9DdEPf:ha2RXOKcLsq46s5RoafP
Score

10^/10

formbook f9r5 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookf9r5ratspywarestealertrojan

behavioral2

formbookf9r5ratspywarestealertrojan