formbook

General

Target

payment_copy3_receipt.exe
Size

535KB
Sample

221203-k9lgpsab36
MD5

ea670d2f2b5b772c59b790bcc65c59f6
SHA1

e173a6d224a97430b89bd06df5b2a4fb50b17a30
SHA256

f11ff5bb01c4ad6c270b86f63b4209127d3521c98496f6bb2f021c99eaa881ba
SHA512

b4567a35305637dc8380ca04d634cc291722063f89fe9150881314a24f985d4c218e95e9fec343269591db7a458915bd66946822403dcf86c51936121bc3b4bb
SSDEEP

6144:lBnlWGbqJ4rPFzGCMrjCA6YCZzhKpNv9l2Di9jGn5HdDJRwkOMsPPrs/Ja1UV:w84JrkYszhm32CcxddRws6j2J5V

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

veh0

Decoy

eulOjQZkipo8

QwbusPrEgpY4

wa2T8+F5rPaBwA==

pHqtrZbvmnkn

FofuGpY05AV1GXzK

QzOsho4z81BsDSpsVf4=

M7qvjwRJ9Uh9sjUPKjJhQHSPC95K0Mb3vQ==

RpDcjMjmrPaBwA==

DnavFlx/AnqVWGkqQw5YGE2yhnrr

fXToBli75WjZUWTwfg==

C+zIIgw1oRGbvqpcfiRFw+MQNA==

a7STeCtyL/CDTAp26zFXE7DXKQ==

DIbpI4a5R7OdZsE=

DoDgGKtSGd1qeqA59V1sAPqn0uBEjCo=

ZfDZ6qHkgbzS75ebtUeUKBg=

miCSMfAn3B8xP8LXw94C

L/zGMQOscy3C0Ox24IGsxQ==

rPlWqyNf+Q/FflzeWXbHY5qx

aDRsdSnOrAu32Q==

tTKuCn+pT5y4wzVmA07fcoyo

Targets

- Target
  
  payment_copy3_receipt.exe
- Size
  
  535KB
- MD5
  
  ea670d2f2b5b772c59b790bcc65c59f6
- SHA1
  
  e173a6d224a97430b89bd06df5b2a4fb50b17a30
- SHA256
  
  f11ff5bb01c4ad6c270b86f63b4209127d3521c98496f6bb2f021c99eaa881ba
- SHA512
  
  b4567a35305637dc8380ca04d634cc291722063f89fe9150881314a24f985d4c218e95e9fec343269591db7a458915bd66946822403dcf86c51936121bc3b4bb
- SSDEEP
  
  6144:lBnlWGbqJ4rPFzGCMrjCA6YCZzhKpNv9l2Di9jGn5HdDJRwkOMsPPrs/Ja1UV:w84JrkYszhm32CcxddRws6j2J5V
Score

10^/10

formbook veh0 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2