formbook | f786969468695b70b06cc87c4628d1c64888068a88007326376bfa977c887fe5 | Triage

Sharing

General

Target

f786969468695b70b06cc87c4628d1c64888068a88007326376bfa977c887fe5
Size

961KB
Sample

221130-wjnpxscc47
MD5

489a932f0f830c254f5985659d39c62e
SHA1

0f7e2d9f7968229472e440e574143147601921a1
SHA256

f786969468695b70b06cc87c4628d1c64888068a88007326376bfa977c887fe5
SHA512

454d77ad50dfd9fefbdce4acd270fb5c0f0b16b1269116bdcf08868b503dd89f8cbcbd7ab1234320e54d60aa6e3808317a031a738d78f7219b3b70aa74a1e3f7
SSDEEP

12288:SK16ZLSbKnkXl5ZwH4kIF9RcvYk4+CWfJf2IOl7de:SKEZYckXLZwYk4cCIfx2B7d

Score

10^/10

formbook ntg rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ntg

Decoy

successwithyolandafgreen.com

theordinaryph.com

atamyo-therapeutics.com

pophazard.com

anthonyfultz.com

pasanglham.com

kanekhushi.com

littlefishyswim.com

kaieteurny.com

fanavartima.com

digexpo.com

se-rto.com

chaos.finance

bakldx.com

after-school.pro

faithfromphilly.com

estudiomuradian.com

albertocerasini.com

andronna.com

wingspotusa.com

Targets

- Target
  
  f786969468695b70b06cc87c4628d1c64888068a88007326376bfa977c887fe5
- Size
  
  961KB
- MD5
  
  489a932f0f830c254f5985659d39c62e
- SHA1
  
  0f7e2d9f7968229472e440e574143147601921a1
- SHA256
  
  f786969468695b70b06cc87c4628d1c64888068a88007326376bfa977c887fe5
- SHA512
  
  454d77ad50dfd9fefbdce4acd270fb5c0f0b16b1269116bdcf08868b503dd89f8cbcbd7ab1234320e54d60aa6e3808317a031a738d78f7219b3b70aa74a1e3f7
- SSDEEP
  
  12288:SK16ZLSbKnkXl5ZwH4kIF9RcvYk4+CWfJf2IOl7de:SKEZYckXLZwYk4cCIfx2B7d
Score

10^/10

formbook ntg rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookntgratspywarestealertrojan

behavioral2

formbookntgratspywarestealertrojan