formbook

General

Target

document_M0234.exe
Size

249KB
Sample

221130-nhy59shg4t
MD5

0b6c508dec4b6647dca3d1bd61b002d4
SHA1

5f85f53b7f2e54d74fa7733ecc51d5e8819e4bf6
SHA256

1a67a5a9f3b74eb679eb5d2684961322941e9243aafd225c2fc08024f63fb59e
SHA512

036286c289f8b0963acc44d5f35d3527a6ad899b24c72688c64be88274b3cdf837cca618f7827d763e92984c8bf7e8d025abda62dbf4806d192555fd2cd969e7
SSDEEP

6144:gBn1Qvgd4/Vb+WwPpYM1ZKaUqjkb3Gi3S37:wQvF/B/eCMWa1S3p3S37

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

9qtp

Decoy

0BbXnywB2jUlm9nKiMma

R5A2IaujqtD/dAqI8Y0IpQ==

hOvaxGAt51Bx33P7Vyt6XPnYWw==

IDg+M/RH+D5aQ18d8Y0IpQ==

W1xH1/2HTrysGWEUdK2equ4Y

qHgkqNn4xTo4

8S7brii3eMzty+KgvBqIXPnYWw==

j8x44wKIXrW2tRiH8Y0IpQ==

GywuINvBRm2eaNY=

dTja44gPmQhkiaLZ

s6aIdgBm7Dx5fsUB2rE=

m5h7cA6JHX1p5ylfoc4ouA==

uDxNFJgassFFTdQ=

RERUNcLCgdAOabklo1PDTjf5Uw==

pKeadO1BswJQKXZ0tAkBF9wkNVs=

xd7Yr00rxzGBNlS1XA==

01Jd2fhoQpThdH5Sc8sprQ==

oOSWBCeNDDWeB8M=

EV8ae4iFCmdrT78Zr6VnObkG

Ghkc7nZnXXPEOX1FUToisZc=

Targets

- Target
  
  document_M0234.exe
- Size
  
  249KB
- MD5
  
  0b6c508dec4b6647dca3d1bd61b002d4
- SHA1
  
  5f85f53b7f2e54d74fa7733ecc51d5e8819e4bf6
- SHA256
  
  1a67a5a9f3b74eb679eb5d2684961322941e9243aafd225c2fc08024f63fb59e
- SHA512
  
  036286c289f8b0963acc44d5f35d3527a6ad899b24c72688c64be88274b3cdf837cca618f7827d763e92984c8bf7e8d025abda62dbf4806d192555fd2cd969e7
- SSDEEP
  
  6144:gBn1Qvgd4/Vb+WwPpYM1ZKaUqjkb3Gi3S37:wQvF/B/eCMWa1S3p3S37
Score

10^/10

formbook 9qtp rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2