formbook | 314cf1d9477fd2d1c1d46503bc2aa48ad0ca137c31bff40d3c821cf3b4ca3bc4 | Triage

Sharing

General

Target

DHLAWB-5024310182_1212.exe
Size

898KB
Sample

221206-hs93made97
MD5

1621170620ee606fe369567061032b7d
SHA1

21c39b4591ee3c34475cc56447f32c7b9f55d806
SHA256

314cf1d9477fd2d1c1d46503bc2aa48ad0ca137c31bff40d3c821cf3b4ca3bc4
SHA512

085c355943b47afc508855afc853e46d36e6580d23f1c653b2677b965ff48f76fba4d980cba07342bdd39ffc46b150eb17e38d9ddbebe1938d57c55d72969b9d
SSDEEP

12288:Wcj3JHu4nMiRR4C6slfvHDPli4H/eigJSx0MQjma3gKZ/nXt7virmWhlGLaQYIp:tjJHu4nMq4CBlfPD04kJSx76/

Score

10^/10

formbook d8ax rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

d8ax

Decoy

wQDD4HkJc+vErnk=

j7vdn039QTY5Gcs43SDb8R4gwLgFCI7s

ZqPN0enMl4As

kKK00fOMq6KZmHv6kZjEiTm3l1o=

CxCTti/0Dcs5qly/AVHoTg==

5TwVtD3wcevErnk=

/ieoWNXMl4As

caK67QvHGhmiEuKpidX2RA==

Bbyy3J6D1Qw=

LV5N2gOocvpbA/OB/w==

k7k2OMNsBY67libDOi4=

wuDokhS1jLo4mA==

RVGz6anMl4As

la40BCHFwoI/rpugbdoaWQ==

XmVnfY0nNACG5si5u8Ds6F79xw==

dpyQTuytl0/bShsFIYUaHRzIL4quYwxgTA==

yvmesDDPpTSrLhf5GlvvdaCZekhAsg==

obTEXhervaSWkSbDOi4=

ClZogXcOT1DcPyvgOKJM

Drlokv/cjLo4mA==

Targets

- Target
  
  DHLAWB-5024310182_1212.exe
- Size
  
  898KB
- MD5
  
  1621170620ee606fe369567061032b7d
- SHA1
  
  21c39b4591ee3c34475cc56447f32c7b9f55d806
- SHA256
  
  314cf1d9477fd2d1c1d46503bc2aa48ad0ca137c31bff40d3c821cf3b4ca3bc4
- SHA512
  
  085c355943b47afc508855afc853e46d36e6580d23f1c653b2677b965ff48f76fba4d980cba07342bdd39ffc46b150eb17e38d9ddbebe1938d57c55d72969b9d
- SSDEEP
  
  12288:Wcj3JHu4nMiRR4C6slfvHDPli4H/eigJSx0MQjma3gKZ/nXt7virmWhlGLaQYIp:tjJHu4nMq4CBlfPD04kJSx76/
Score

10^/10

formbook d8ax rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookd8axratspywarestealertrojan

behavioral2

formbookd8axratspywarestealertrojan