formbook

General

Target

kCGCNKYCnqgQSEJ.exe
Size

552KB
Sample

221201-fza6rscb3s
MD5

e823afd1e909b794b2f2602ecadd15cc
SHA1

4c6d24c796faebc2b54f981e2f8127187b08aa4b
SHA256

33709e54333a4b6cc832c1cfbc3eae6d7c256642931f2fb6e47d26bb2d191cfa
SHA512

8a45b1d0910ad632a73f3d23d5c3dc63f745ffb3e318c91f4826a80666c983d5308abec58f708749124a84e101c97f6302ad3c2320016cbc18bfe8092a9e20b1
SSDEEP

6144:KoLEvklriDeOCH0IG0ocHtIgzH7R4u8pHrjstXlTna84yMDFqrnHKzYPrAV3+go4:FGqGNoC4P8Lj87QyMUjHZi3+U49jq

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

rjwn

Decoy

03o7kR/VYOT8r06ry8Ku

nhzRGt5dmI+rX14=

fxLQJLh1IdH3jGuZ1KBvy/sK4Q==

GAU9GqrQnwWRKMfS7KTmrg==

xyidkidiZ/CAIrOchLc38Ckd

qpaUZjfKUOAKBI+C1Q==

tn919W/lRcHaoraZK53frA==

zEQOdA3OY/EHnYvF7KTmrg==

MJALDhT0sw68hUTcnNMUVI/EiWY=

FwpKMs0PRYvGVxbSy3mxZtw=

9IBBwo1zU45kK0M=

baAZGqfBu1HmiS0OWuM38Ckd

+fUxM/QxXJmvPfzwdUI=

WZYOXSolDIEOz9lzR0c4UAA71p19tw==

n6Hftzs+TYbFBI+C1Q==

UdyBA9GXFou2hZJ1/W9ihcM=

jrgyH63jDVl3Rg3KVAhYg8M=

74f/sGdLgw0RrxLszsOs

rivUOgDVVdIGBI+C1Q==

eZ0hfm//kK/IgQ==

Targets

- Target
  
  kCGCNKYCnqgQSEJ.exe
- Size
  
  552KB
- MD5
  
  e823afd1e909b794b2f2602ecadd15cc
- SHA1
  
  4c6d24c796faebc2b54f981e2f8127187b08aa4b
- SHA256
  
  33709e54333a4b6cc832c1cfbc3eae6d7c256642931f2fb6e47d26bb2d191cfa
- SHA512
  
  8a45b1d0910ad632a73f3d23d5c3dc63f745ffb3e318c91f4826a80666c983d5308abec58f708749124a84e101c97f6302ad3c2320016cbc18bfe8092a9e20b1
- SSDEEP
  
  6144:KoLEvklriDeOCH0IG0ocHtIgzH7R4u8pHrjstXlTna84yMDFqrnHKzYPrAV3+go4:FGqGNoC4P8Lj87QyMUjHZi3+U49jq
Score

10^/10

formbook rjwn rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2