formbook | 579d13f3cd7acab8f6b9711c99fef396a325efad3a11a6cccb261437af1619a9 | Triage

Sharing

General

Target

579d13f3cd7acab8f6b9711c99fef396a325efad3a11a6cccb261437af1619a9
Size

1.6MB
Sample

221130-s72pxafh91
MD5

9f9ff2c8998e81058d583369b7a496de
SHA1

8fc0b5f4d6100e438fc734eb2082ba237efe0652
SHA256

579d13f3cd7acab8f6b9711c99fef396a325efad3a11a6cccb261437af1619a9
SHA512

98235d57d8395d89e9da377a48129aaf97640ea4fdddae65c4b5e1ae330d4b6911272ac953284fa8e752e28e3e0075b0dc153393c587c9a04ac24ac5481697bc
SSDEEP

12288:8WHyGfJqDJLZCpzeCptoDFjmjRPTjRPyjBjjijBjBjBjBjLjVA7nNi6HCZoU9+kw:rqqNeK2DgA7nNxCZLYHkgiPgp

Score

10^/10

formbook 2kf rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

2kf

Decoy

edmondscakes.com

doublewldr.online

tickets2usa.com

heyhxry.com

weightloss-gulfport.com

prosselius.com

newviewroofers.com

jacksonarearealestate.com

catparkas.xyz

pagos2020.com

sonwsefjrahi.online

franchisethings.com

nuocvietngaynay.com

sohelvai.com

mikeyroush.com

lamesaroofing.com

betbigo138.com

amazon-service-recovery.com

clockin.net

riostrader.com

Targets

- Target
  
  579d13f3cd7acab8f6b9711c99fef396a325efad3a11a6cccb261437af1619a9
- Size
  
  1.6MB
- MD5
  
  9f9ff2c8998e81058d583369b7a496de
- SHA1
  
  8fc0b5f4d6100e438fc734eb2082ba237efe0652
- SHA256
  
  579d13f3cd7acab8f6b9711c99fef396a325efad3a11a6cccb261437af1619a9
- SHA512
  
  98235d57d8395d89e9da377a48129aaf97640ea4fdddae65c4b5e1ae330d4b6911272ac953284fa8e752e28e3e0075b0dc153393c587c9a04ac24ac5481697bc
- SSDEEP
  
  12288:8WHyGfJqDJLZCpzeCptoDFjmjRPTjRPyjBjjijBjBjBjBjLjVA7nNi6HCZoU9+kw:rqqNeK2DgA7nNxCZLYHkgiPgp
Score

10^/10

formbook 2kf rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

formbook2kfratspywarestealertrojan