formbook

General

Target

tmp
Size

2.1MB
Sample

221204-qc4jxabf75
MD5

dc86d8c67a66d23d6cba86036dacd475
SHA1

3c803edc8f87f3c69c460ccf1255ed8c9c1651f6
SHA256

a8d97304d740bb44b27e40303d72326a34d30973e801161f4bf026fff552c1a8
SHA512

941b380f3c393ebb776b0d181b290550b528534f50b6bb55ada418f3639d8ccd07587303a7b680937c0b641e838cc2f98265d93f56d7bbcd9419e7a2512a69f3
SSDEEP

24576:MuOolI+AqJiMqbPf8/cEnn8jrO+jfn2QaRgRBmjb+Ba56r19EvAI3eQFZ:x3Aq0U/cbjjL2Q+gRBKyq6r19mAI3RF

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

do25

Decoy

nickifarina.site

nfptrwge.bar

nobreemporio.com

split-acres.com

sharingservice-act.com

nakedinktees.shop

zhensheng1988.com

ipiton.com

liftoffdigitalmarketing.com

karen.cool

theprotestantchurch.com

shirhadarr.com

azdtwp.com

comzestdent.com

jnsjh.com

in-heat-cool.com

dfefej.top

tumingchun.com

eisei-shouji.tokyo

sparecreeping.com

Targets

- Target
  
  tmp
- Size
  
  2.1MB
- MD5
  
  dc86d8c67a66d23d6cba86036dacd475
- SHA1
  
  3c803edc8f87f3c69c460ccf1255ed8c9c1651f6
- SHA256
  
  a8d97304d740bb44b27e40303d72326a34d30973e801161f4bf026fff552c1a8
- SHA512
  
  941b380f3c393ebb776b0d181b290550b528534f50b6bb55ada418f3639d8ccd07587303a7b680937c0b641e838cc2f98265d93f56d7bbcd9419e7a2512a69f3
- SSDEEP
  
  24576:MuOolI+AqJiMqbPf8/cEnn8jrO+jfn2QaRgRBmjb+Ba56r19EvAI3eQFZ:x3Aq0U/cbjjL2Q+gRBKyq6r19mAI3RF
Score

10^/10

formbook do25 persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Checks computer location settings

Deletes itself

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2