formbook | c411a390b1b6d2a1f0673c449aaffccc6dcc258b0a165d7e609ef163c4fb42fa | Triage

Sharing

General

Target

c411a390b1b6d2a1f0673c449aaffccc6dcc258b0a165d7e609ef163c4fb42fa
Size

1.2MB
Sample

221130-q5rqtafb32
MD5

37c143bd56ecfe511d90d06da76ade93
SHA1

25078f86a10f251aad286ce81a7fcc72d3c28851
SHA256

c411a390b1b6d2a1f0673c449aaffccc6dcc258b0a165d7e609ef163c4fb42fa
SHA512

76bacf4078c5037520e65288973751e9d6ce9e05c96e3396f21e30cbec86b225d94e44e8d0df92d29e4b19aa8b9bf8dbcccef53d929903c21bd83414c200a4ac
SSDEEP

24576:0mpkkZ7iYtU+wkxEbjw3I+g+qYsmj2BN:l6kZ7iYtEI3I+FWmj

Score

10^/10

formbook dka rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dka

Decoy

dollvador.com

aartigemsandjewellers.com

nbmiaojiang.com

thecharcuteriestop.com

fmldmlfdfmlfmdr.com

tikeok.com

onemoresysadmin.com

digistore-shop.com

chinahhf.com

petagonya.com

f22.info

siddhamedicineshop.com

vtiqb0.icu

sex-lesson.com

informationnelchamanique.com

bluewaterssportfishing.com

kmresults.com

jambokid.com

amplion.tech

thepaperstorw.com

Targets

- Target
  
  c411a390b1b6d2a1f0673c449aaffccc6dcc258b0a165d7e609ef163c4fb42fa
- Size
  
  1.2MB
- MD5
  
  37c143bd56ecfe511d90d06da76ade93
- SHA1
  
  25078f86a10f251aad286ce81a7fcc72d3c28851
- SHA256
  
  c411a390b1b6d2a1f0673c449aaffccc6dcc258b0a165d7e609ef163c4fb42fa
- SHA512
  
  76bacf4078c5037520e65288973751e9d6ce9e05c96e3396f21e30cbec86b225d94e44e8d0df92d29e4b19aa8b9bf8dbcccef53d929903c21bd83414c200a4ac
- SSDEEP
  
  24576:0mpkkZ7iYtU+wkxEbjw3I+g+qYsmj2BN:l6kZ7iYtEI3I+FWmj
Score

10^/10

formbook dka rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookdkaratspywarestealertrojan

behavioral2

formbookdkaratspywarestealertrojan