formbook

General

Target

payment_copy2_receipt.exe
Size

535KB
Sample

221129-s22sqace36
MD5

9b8c61ded729ca6c9d5f7fded18eef27
SHA1

37fc137e9aa09fc01820cd90c851ca3aee6be72a
SHA256

c1609447bd7a2ee528d1f2145ebc3ad9a53efee61111824d22f935e497bac31f
SHA512

d2696cf0e8b169763a1ba52211edbbc729f4f3a2aee8b6c029138d0fa180000b1f1781e777edb7328520c057c522371a698279e5ad178fda5b961d127bca27f5
SSDEEP

6144:lBnlWGbqCEADGaF1B1XBx23XB0RQ4MXC+l1O45IDkQBha03YIjo4:wCEQGKy3R0qPHO45FQBhaM

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

veh0

Decoy

eulOjQZkipo8

QwbusPrEgpY4

wa2T8+F5rPaBwA==

pHqtrZbvmnkn

FofuGpY05AV1GXzK

QzOsho4z81BsDSpsVf4=

M7qvjwRJ9Uh9sjUPKjJhQHSPC95K0Mb3vQ==

RpDcjMjmrPaBwA==

DnavFlx/AnqVWGkqQw5YGE2yhnrr

fXToBli75WjZUWTwfg==

C+zIIgw1oRGbvqpcfiRFw+MQNA==

a7STeCtyL/CDTAp26zFXE7DXKQ==

DIbpI4a5R7OdZsE=

DoDgGKtSGd1qeqA59V1sAPqn0uBEjCo=

ZfDZ6qHkgbzS75ebtUeUKBg=

miCSMfAn3B8xP8LXw94C

L/zGMQOscy3C0Ox24IGsxQ==

rPlWqyNf+Q/FflzeWXbHY5qx

aDRsdSnOrAu32Q==

tTKuCn+pT5y4wzVmA07fcoyo

Targets

- Target
  
  payment_copy2_receipt.exe
- Size
  
  535KB
- MD5
  
  9b8c61ded729ca6c9d5f7fded18eef27
- SHA1
  
  37fc137e9aa09fc01820cd90c851ca3aee6be72a
- SHA256
  
  c1609447bd7a2ee528d1f2145ebc3ad9a53efee61111824d22f935e497bac31f
- SHA512
  
  d2696cf0e8b169763a1ba52211edbbc729f4f3a2aee8b6c029138d0fa180000b1f1781e777edb7328520c057c522371a698279e5ad178fda5b961d127bca27f5
- SSDEEP
  
  6144:lBnlWGbqCEADGaF1B1XBx23XB0RQ4MXC+l1O45IDkQBha03YIjo4:wCEQGKy3R0qPHO45FQBhaM
Score

10^/10

formbook veh0 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2