formbook

General

Target

SecuriteInfo.com.Trojan.Garf.Gen.6.9110.8665.exe
Size

247KB
Sample

221130-t78znagd48
MD5

e6d350443298710c357a4a51a09d4a81
SHA1

6e563bfe1917e2b88a340495e6f3f6850384dc06
SHA256

9b6c0f168cdbcc0aedb4884e856777cf5c31f55d9c3e09cb2e2ead9e53a3ce63
SHA512

15f8463a3bb9625a1d7f877c82a93c0866bcfb69e71693ffc9f3b6580709c0ceb62f6b6ce3d3bd1d1a008440bd8f43c4c4d8f8c7cd91f449a3a795ab8198cf47
SSDEEP

6144:LBnbP1MAaVfa7ZEYkEiqYf9Ly7toeA8HIx8n70sRGkGPv:FSPJet7YftyGeA6K+a

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

k6n9

Decoy

NzUYPBPnE+UWNJX0b/5zZQ==

ZcsDmdfNeiREr4loZ9k=

p4Pecr+pmTFp+Az4AGoSpvqp

4jwUP0ApYThdpDmZcNp+xuej

0tmQjRQKSQbR0N86

MgfR+qwWljDdagbsn8Ukr8bc8A==

shQ3YCpOQPp/9g==

Q4mmwEidJLBJug25c6Vxcg==

OM1kEJDdGNpv7nMy

7FmP1iykTQZ7q0Hq5g==

9lVGWV44H63+A5oGc6Vxcg==

Bs97fiCGUye5Osm9xsOYZnb8SEC+YszE

xJMBmQj3MRDV7MBXzEep

mJpebAH7RkkGGbsZwZ/weg==

u6FXU+JCphyVyCsUBP0Spvqp

B/mwulPBDRm5q0Hq5g==

E+JiHcUb7gR+8A==

BgGOL5SLfQ9BzuPDxzeVKEIuOKDL

wZdfmzTbOcnEF3Mi1QnVpPCo

J63Z+Jv5L+JOhd+zc6Vxcg==

Targets

- Target
  
  SecuriteInfo.com.Trojan.Garf.Gen.6.9110.8665.exe
- Size
  
  247KB
- MD5
  
  e6d350443298710c357a4a51a09d4a81
- SHA1
  
  6e563bfe1917e2b88a340495e6f3f6850384dc06
- SHA256
  
  9b6c0f168cdbcc0aedb4884e856777cf5c31f55d9c3e09cb2e2ead9e53a3ce63
- SHA512
  
  15f8463a3bb9625a1d7f877c82a93c0866bcfb69e71693ffc9f3b6580709c0ceb62f6b6ce3d3bd1d1a008440bd8f43c4c4d8f8c7cd91f449a3a795ab8198cf47
- SSDEEP
  
  6144:LBnbP1MAaVfa7ZEYkEiqYf9Ly7toeA8HIx8n70sRGkGPv:FSPJet7YftyGeA6K+a
Score

10^/10

formbook k6n9 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2