formbook | 9dbaa66ef9f31c83ab943932bc96eaf2d6e9c1995b427c75e6e9a259f2c91697 | Triage

Sharing

General

Target

9dbaa66ef9f31c83ab943932bc96eaf2d6e9c1995b427c75e6e9a259f2c91697
Size

1.6MB
Sample

221130-p3esssee6y
MD5

a03c2d4c4885db5f3e8264e2e0523ee9
SHA1

53d45a80e79d121ec6745cf8816acb7e6598b897
SHA256

9dbaa66ef9f31c83ab943932bc96eaf2d6e9c1995b427c75e6e9a259f2c91697
SHA512

6f2ec109bf1e5b96f35d2b8ff1cc8facad31f329adad3486198f5b80ba38e7a17bf6a10d355f770f4b05b16dc1fedacf43afeaecabdfc8d34b8e998e14135433
SSDEEP

24576:xlUjX00wR9Uqk8qW0gmRR1Gbp0PjcET+v3JR945EIy8o:xKjXMR9UN8lYGbp0P4E6v3Jf4

Score

10^/10

formbook rzn rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rzn

Decoy

lyeth.net

annatdinh.com

amber-pozzi.com

kalunenterprise.com

knightskysbts.com

drnishamaharaj.com

neverendingbreadsticks.com

asuvac.com

snapbidz.com

autovistoriapredial.net

eskisla.com

fiorej.com

probuscee.com

elysme.com

laizdancefit.com

pet-imports.com

imasshipping.com

greenflagcars.com

essentialoilphotos.com

demolition4us.com

Targets

- Target
  
  9dbaa66ef9f31c83ab943932bc96eaf2d6e9c1995b427c75e6e9a259f2c91697
- Size
  
  1.6MB
- MD5
  
  a03c2d4c4885db5f3e8264e2e0523ee9
- SHA1
  
  53d45a80e79d121ec6745cf8816acb7e6598b897
- SHA256
  
  9dbaa66ef9f31c83ab943932bc96eaf2d6e9c1995b427c75e6e9a259f2c91697
- SHA512
  
  6f2ec109bf1e5b96f35d2b8ff1cc8facad31f329adad3486198f5b80ba38e7a17bf6a10d355f770f4b05b16dc1fedacf43afeaecabdfc8d34b8e998e14135433
- SSDEEP
  
  24576:xlUjX00wR9Uqk8qW0gmRR1Gbp0PjcET+v3JR945EIy8o:xKjXMR9UN8lYGbp0P4E6v3Jf4
Score

10^/10

formbook rzn rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookrznratspywarestealertrojan

behavioral2

formbookrznratspywarestealertrojan