formbook | 11990c08ba3e1eb0f464d9850bb76696a89f95c0368e3634488139f25b96bf42 | Triage

Sharing

General

Target

SecuriteInfo.com.Win32.PWSX-gen.7158.12123.exe
Size

660KB
Sample

221205-pz7dmseg4v
MD5

4456d023908ebca5034b01ae809d6e62
SHA1

99272ab4f217276228ab68eaae72abfc4242a746
SHA256

11990c08ba3e1eb0f464d9850bb76696a89f95c0368e3634488139f25b96bf42
SHA512

ecde1fb31000b7ef0cf02e995106d236c3aa23e6821da106f69f9bd22744184a53fa1b5671770a5bfb1e2137d4bb0d7581ad664685dde0b8ead994c168dc40ad
SSDEEP

12288:6PuYd+V6b1momPZefeKrsUTkx8S0VP+P1ATnVsgIu3fV6Tx0TBf+v0PuYd+V6b:6PuYd+V6bIomxieMwx8ZBT2/0cxWBf+y

Score

10^/10

formbook f9r5 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

f9r5

Decoy

teknotimur.com

zuliboo.com

remmingtoncampbell.com

vehicletitleloansphoenix.com

sen-computer.com

98731.biz

shelikesblu.com

canis-totem.com

metaversemedianetwork.com

adsdu.com

vanishmediasystems.com

astewaykebede.com

wszhongxue.com

gacha-animator-free.com

papatyadekorasyon.com

mqc168.top

simplebrilliantsolutions.com

jubileehawkesprairie.com

ridflab.com

conboysfilm.com

Targets

- Target
  
  SecuriteInfo.com.Win32.PWSX-gen.7158.12123.exe
- Size
  
  660KB
- MD5
  
  4456d023908ebca5034b01ae809d6e62
- SHA1
  
  99272ab4f217276228ab68eaae72abfc4242a746
- SHA256
  
  11990c08ba3e1eb0f464d9850bb76696a89f95c0368e3634488139f25b96bf42
- SHA512
  
  ecde1fb31000b7ef0cf02e995106d236c3aa23e6821da106f69f9bd22744184a53fa1b5671770a5bfb1e2137d4bb0d7581ad664685dde0b8ead994c168dc40ad
- SSDEEP
  
  12288:6PuYd+V6b1momPZefeKrsUTkx8S0VP+P1ATnVsgIu3fV6Tx0TBf+v0PuYd+V6b:6PuYd+V6bIomxieMwx8ZBT2/0cxWBf+y
Score

10^/10

formbook f9r5 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookf9r5ratspywarestealertrojan

behavioral2

formbookf9r5ratspywarestealertrojan