formbook

General

Target

SecuriteInfo.com.Trojan.NSISX.Spy.Gen.24.29757.14304.exe
Size

254KB
Sample

221130-cy6dqsdd7w
MD5

2832483a7a311902ae9fa5d7b6cf6eda
SHA1

cebd82649420adacb8a382665f175d479c8655af
SHA256

9fef2569a2570b70806120838c82b6012d36790205c82254b848ec862005ec3a
SHA512

652a448d43b5e7eda69018eedb17297f963eb771606096413fb1b7ee4f7b4da35c80e1aebcacf1954456267e23a1507b08a3a35bb318c4573b492c3a867d7f50
SSDEEP

6144:LBnbpM4DXtWFfsHj8DANpiTGgfKxtQD+R075MLx0r:FpTDXmsHlNpYGgwt3R0leU

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

k6n9

Decoy

NzUYPBPnE+UWNJX0b/5zZQ==

ZcsDmdfNeiREr4loZ9k=

p4Pecr+pmTFp+Az4AGoSpvqp

4jwUP0ApYThdpDmZcNp+xuej

0tmQjRQKSQbR0N86

MgfR+qwWljDdagbsn8Ukr8bc8A==

shQ3YCpOQPp/9g==

Q4mmwEidJLBJug25c6Vxcg==

OM1kEJDdGNpv7nMy

7FmP1iykTQZ7q0Hq5g==

9lVGWV44H63+A5oGc6Vxcg==

Bs97fiCGUye5Osm9xsOYZnb8SEC+YszE

xJMBmQj3MRDV7MBXzEep

mJpebAH7RkkGGbsZwZ/weg==

u6FXU+JCphyVyCsUBP0Spvqp

B/mwulPBDRm5q0Hq5g==

E+JiHcUb7gR+8A==

BgGOL5SLfQ9BzuPDxzeVKEIuOKDL

wZdfmzTbOcnEF3Mi1QnVpPCo

J63Z+Jv5L+JOhd+zc6Vxcg==

Targets

- Target
  
  SecuriteInfo.com.Trojan.NSISX.Spy.Gen.24.29757.14304.exe
- Size
  
  254KB
- MD5
  
  2832483a7a311902ae9fa5d7b6cf6eda
- SHA1
  
  cebd82649420adacb8a382665f175d479c8655af
- SHA256
  
  9fef2569a2570b70806120838c82b6012d36790205c82254b848ec862005ec3a
- SHA512
  
  652a448d43b5e7eda69018eedb17297f963eb771606096413fb1b7ee4f7b4da35c80e1aebcacf1954456267e23a1507b08a3a35bb318c4573b492c3a867d7f50
- SSDEEP
  
  6144:LBnbpM4DXtWFfsHj8DANpiTGgfKxtQD+R075MLx0r:FpTDXmsHlNpYGgwt3R0leU
Score

10^/10

formbook k6n9 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2