formbook | 2e104eab7b0a3da0b429304eb0e738fd75f7c99dfb368a3a0c70ffd1d4206c01 | Triage

Sharing

General

Target

PROFORMA INVOICE 103321.rar
Size

804KB
Sample

221201-kecajsag34
MD5

4eb79c4fa6acd6d50d82b2f3cc6ae1c5
SHA1

e14a3d0ee909418f534e9c457d0c8e8a4f1416ca
SHA256

2e104eab7b0a3da0b429304eb0e738fd75f7c99dfb368a3a0c70ffd1d4206c01
SHA512

2306e493d03f52ef217bd0b550788e55dc4be7b023da47a4f8b99203b0d90c569d3186aa8ed6a48cfb8806fff108e3656c8cc3ec85c76d3acc7747bfd7e3c0ca
SSDEEP

12288:HmDIqmgXdq5tPOpsAfOpy7lG4Roh81TZP9STlukqBYn+so6sFyD1xrlukYjp:HgINgXdqjOGAfOZis83P9tiXtD1xR2jp

Score

10^/10

formbook d8ax rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

d8ax

Decoy

wQDD4HkJc+vErnk=

j7vdn039QTY5Gcs43SDb8R4gwLgFCI7s

ZqPN0enMl4As

kKK00fOMq6KZmHv6kZjEiTm3l1o=

CxCTti/0Dcs5qly/AVHoTg==

5TwVtD3wcevErnk=

/ieoWNXMl4As

caK67QvHGhmiEuKpidX2RA==

Bbyy3J6D1Qw=

LV5N2gOocvpbA/OB/w==

k7k2OMNsBY67libDOi4=

wuDokhS1jLo4mA==

RVGz6anMl4As

la40BCHFwoI/rpugbdoaWQ==

XmVnfY0nNACG5si5u8Ds6F79xw==

dpyQTuytl0/bShsFIYUaHRzIL4quYwxgTA==

yvmesDDPpTSrLhf5GlvvdaCZekhAsg==

obTEXhervaSWkSbDOi4=

ClZogXcOT1DcPyvgOKJM

Drlokv/cjLo4mA==

Targets

- Target
  
  PROFORMA INVOICE 103321.rar
- Size
  
  804KB
- MD5
  
  4eb79c4fa6acd6d50d82b2f3cc6ae1c5
- SHA1
  
  e14a3d0ee909418f534e9c457d0c8e8a4f1416ca
- SHA256
  
  2e104eab7b0a3da0b429304eb0e738fd75f7c99dfb368a3a0c70ffd1d4206c01
- SHA512
  
  2306e493d03f52ef217bd0b550788e55dc4be7b023da47a4f8b99203b0d90c569d3186aa8ed6a48cfb8806fff108e3656c8cc3ec85c76d3acc7747bfd7e3c0ca
- SSDEEP
  
  12288:HmDIqmgXdq5tPOpsAfOpy7lG4Roh81TZP9STlukqBYn+so6sFyD1xrlukYjp:HgINgXdqjOGAfOZis83P9tiXtD1xR2jp
Score

3^/10
behavioral1 behavioral2
- Target
  
  PROFORMA INVOICE 103321.exe
- Size
  
  916KB
- MD5
  
  6b34c7d21457240410f7526870fb3cc8
- SHA1
  
  ad4f885afeefe8d5c06f8ed14736705fb0b527f1
- SHA256
  
  4e299e221bff547ce81f39f447b914d120e8411bd4d38a5cf7014e5241e757ad
- SHA512
  
  1a8a7160adf1acea7cd76a7b739129f95afe931d9e5544d874e20d7f9c330c297618cb1f7cb69ced06fa22aaf95ef68dbf1df1e6898143061c8c360b3b48b61e
- SSDEEP
  
  12288:2ZMBqPwNK7sb7/sn1gSp4JZjAH1wBjGrCwDBo6RU2snF90NcZnbhR9jqI:he7w7En1gSp4TjQw5+CCrKFSNYbX9jn
Score

10^/10

formbook d8ax rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

formbookd8axratspywarestealertrojan

behavioral4

formbookd8axratspywarestealertrojan