formbook | 2b11d3a570fd45fda3e8c062f447e09dbabcfafee5e89f4258c0ac7c6e294fdc | Triage

Sharing

General

Target

2b11d3a570fd45fda3e8c062f447e09dbabcfafee5e89f4258c0ac7c6e294fdc.exe
Size

239KB
Sample

221130-s3498sch67
MD5

0acb5bcb968b08f9fa0275337eaf9d81
SHA1

9ff40194659288c71ee7ff01435eac29d5d55004
SHA256

2b11d3a570fd45fda3e8c062f447e09dbabcfafee5e89f4258c0ac7c6e294fdc
SHA512

a6c9ee59f120f5400ea08726337ed52d982184d71809f12255f44643fb6170e996a0bd89b5465b6498854978e0acab09e7cb7d6b912bcd1396e848392b1e986a
SSDEEP

6144:QBn1gQ5lYu+gRaCuvlFMC5oTlyEwP5Od6mcELn3Wm:ggQ4DgRaxL5oJmP5O3jmm

Score

10^/10

formbook n2hm rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

n2hm

Decoy

XCeG4IxNKbAl

YzJWbnC+El84nA==

KAJcdmP8yEcO5LXPCFF42Wfb

I+J+xYO95GJQWVU=

GtgxPPv3FmQmhw==

Og9NYF4xEl+j7vGTR93xvg==

506Cg07bsT0G6yK+A96H0h35V+JLkwI=

wAYXFN+pSFIXgQ==

ijzLI/f+FmQmhw==

UfT2PweNm+w8

GQWVw5aZnfF/kS5e

30BKYjua9zcA7gAwsPUngLnjyrBNEgo=

AM65OrmyFmQmhw==

VSlTVxISZ4J/kS5e

GGKj6K33SRh6e0/YzT5nQGlK5CXRqw==

B9H98cUUfX+AWOqiTA==

MxVffWOIoVnM37zrd2sTaOY=

z6bxCgG/mGhR7oDzQA==

pQgSLSRi6AK3M/PdArpX

6rRRsYuSnXx/kS5e

Targets

- Target
  
  2b11d3a570fd45fda3e8c062f447e09dbabcfafee5e89f4258c0ac7c6e294fdc.exe
- Size
  
  239KB
- MD5
  
  0acb5bcb968b08f9fa0275337eaf9d81
- SHA1
  
  9ff40194659288c71ee7ff01435eac29d5d55004
- SHA256
  
  2b11d3a570fd45fda3e8c062f447e09dbabcfafee5e89f4258c0ac7c6e294fdc
- SHA512
  
  a6c9ee59f120f5400ea08726337ed52d982184d71809f12255f44643fb6170e996a0bd89b5465b6498854978e0acab09e7cb7d6b912bcd1396e848392b1e986a
- SSDEEP
  
  6144:QBn1gQ5lYu+gRaCuvlFMC5oTlyEwP5Od6mcELn3Wm:ggQ4DgRaxL5oJmP5O3jmm
Score

10^/10

formbook n2hm rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

formbookn2hmratspywarestealertrojan