Malware sandboxing report by Hatching Triage

General

Target

c71e8cd3e58eaeab5de7d296fa62fd6fcad415facc687629d71b25bab56550eb
Size

342KB
Sample

221206-jggglsag5x
MD5

cd0e4cab67b7fd76ef5d6bdcb7f25a21
SHA1

a27ade3067d85e7ed462266b503caed5ef89d3dc
SHA256

c71e8cd3e58eaeab5de7d296fa62fd6fcad415facc687629d71b25bab56550eb
SHA512

c3ae7c68e14ddd2064c926d419ca88531d0344868792b81f8daab42c63aa28a096781fbb0cf38fd367cbf64d94ef073c17d17cef762b5e99bb110ebe00345195
SSDEEP

6144:ZBnbr9ZL8bW6Bg1GzljLDEkYiDifeaOcpTlSxbJ3bzGUAR6ZTu:HfL8bQalnDlRexQxNSlR7

Score

10^/10

Malware Config

Extracted

Family	formbook
Campaign	f4ca
Decoy	omFHB5ajfJi1UEIEV9XcoRw= UBjJkmQPyprdhcFF/bdCWQ== evGKkBUj1je+otcfpw== KgvGVeOATSt3nug0BIOm2JvOQycB Lv6o3K0r9aSjI0lr9fg1txw= LH1jJb/HieQpsEdqWCQTvX2PmsDVIeg= 99dte0XauJfk6Xv+uQxJFgA1gMktBA== 21FkkGB9gMniDQw2ffu6 r4lKBM/q6TZwVZfS F+14qHeVWi56KdQ= BgWXRsVoICMvvQ== I+EozFl0Uy56KdQ= xoXCgEllKEbWfjFCCLo= qo9G1lXvvGt5GkxrLQWw ORNlYic0PJ2ip4geEFSv Yj+GFpvFxy0uVYx1fLI/XQ== XL+veIKPjOTe4fjvFs+n D2JKVAfuakXCAyoEvw== voWJU81tH56wvt/vImbCcgVd dVEcwFrmb8bZ4vXvFs+n CMlcaOUF6cB+8Bnm2Kc= NpYV3moXNE+ZQ4f9nVGCSA== /GRkjGd1acLHyeLvImbCcgVd R52MlF+Ag+LtFr1QKa7Zf/5a kVD/mSO1YK75pA== 5q3IANfo/JHiDww2ffu6 4i8RFOH2ACRdhzja VLWOSRe00XX6sNsijPzqiiWfFgf1J+g= qnsgRFL46lWG xo1QHOyKS9rj4fjvFs+n mIHZlAqzS6ymmpMCU1uyZgE= WCtjiGCFl/4JTiJ0R60= c0vpAtZ3fY7TeLfdcnASQg== Y87Xlic9/1+q3g/pUArVoB4= kKOsRsf05wBOd67a dDmgYgOZZ0aCMVwgDha4bgc= ieXCbvcCyja+otcfpw== Fd0XQwkTHHaBmNDvImbCcgVd PK/M6eM8xOwqvw== Pf0q8MdfICMvvQ== EO8aPQwf7z2Du+XvImbCcgVd BeUisSg/Ql6uJcg= ay2v2pz4gomTESLosQ== AGjX3ak2B+FyQ9ZKrQ== Du0y0UXomyoxT4/arA8Du3FvpwE= xhV7OrDTdonq4fjvFs+n 9+s2xTlaW66p2IAAnVkDQA== AuS2UeN4Nsvl5vo8J67Zf/5a B1vK2590RiUuuw== /709BIUfMCIln8sus2u2aAM= BMpYckjp699wVZfS Pf2AqIscEhlpHlnV18IvVQk= RKUTxUbz/zFroN/LLq+kIdZM IuuiQ9pj7ZzciLVPiks4Rxc= 0KBn8XAV7NNm2xPxuA== nv7yBtDj4UNE/ju8er1EZSanBXfyLv4= sBgf41X1vKTwUspTsg== 5bk4+oQWD+X01tBEqQ== c08KjxWnau8DDSsESMKNI+P5G/6/sYjU6g== RJiyeEVj/N3rhNAW3qU= v6O7hhQxA//+Oyq2ms9DWQ== 7MdHCYCb4OT5pg== Je0NLgIfKIeFuyjxYD+i 68P+tIkhBdlwVZfS inthecryptolane.com omFHB5ajfJi1UEIEV9XcoRw= UBjJkmQPyprdhcFF/bdCWQ== evGKkBUj1je+otcfpw== KgvGVeOATSt3nug0BIOm2JvOQycB Lv6o3K0r9aSjI0lr9fg1txw= LH1jJb/HieQpsEdqWCQTvX2PmsDVIeg= 99dte0XauJfk6Xv+uQxJFgA1gMktBA== 21FkkGB9gMniDQw2ffu6 r4lKBM/q6TZwVZfS F+14qHeVWi56KdQ= BgWXRsVoICMvvQ== I+EozFl0Uy56KdQ= xoXCgEllKEbWfjFCCLo= qo9G1lXvvGt5GkxrLQWw ORNlYic0PJ2ip4geEFSv Yj+GFpvFxy0uVYx1fLI/XQ== XL+veIKPjOTe4fjvFs+n D2JKVAfuakXCAyoEvw== voWJU81tH56wvt/vImbCcgVd dVEcwFrmb8bZ4vXvFs+n CMlcaOUF6cB+8Bnm2Kc= NpYV3moXNE+ZQ4f9nVGCSA== /GRkjGd1acLHyeLvImbCcgVd R52MlF+Ag+LtFr1QKa7Zf/5a kVD/mSO1YK75pA== 5q3IANfo/JHiDww2ffu6 4i8RFOH2ACRdhzja VLWOSRe00XX6sNsijPzqiiWfFgf1J+g= qnsgRFL46lWG xo1QHOyKS9rj4fjvFs+n mIHZlAqzS6ymmpMCU1uyZgE= WCtjiGCFl/4JTiJ0R60= c0vpAtZ3fY7TeLfdcnASQg== Y87Xlic9/1+q3g/pUArVoB4= kKOsRsf05wBOd67a dDmgYgOZZ0aCMVwgDha4bgc= ieXCbvcCyja+otcfpw== Fd0XQwkTHHaBmNDvImbCcgVd PK/M6eM8xOwqvw== Pf0q8MdfICMvvQ== EO8aPQwf7z2Du+XvImbCcgVd BeUisSg/Ql6uJcg= ay2v2pz4gomTESLosQ== AGjX3ak2B+FyQ9ZKrQ== Du0y0UXomyoxT4/arA8Du3FvpwE= xhV7OrDTdonq4fjvFs+n 9+s2xTlaW66p2IAAnVkDQA== AuS2UeN4Nsvl5vo8J67Zf/5a B1vK2590RiUuuw== /709BIUfMCIln8sus2u2aAM= BMpYckjp699wVZfS Pf2AqIscEhlpHlnV18IvVQk= RKUTxUbz/zFroN/LLq+kIdZM IuuiQ9pj7ZzciLVPiks4Rxc= 0KBn8XAV7NNm2xPxuA== nv7yBtDj4UNE/ju8er1EZSanBXfyLv4= sBgf41X1vKTwUspTsg== 5bk4+oQWD+X01tBEqQ== c08KjxWnau8DDSsESMKNI+P5G/6/sYjU6g== RJiyeEVj/N3rhNAW3qU= v6O7hhQxA//+Oyq2ms9DWQ== 7MdHCYCb4OT5pg== Je0NLgIfKIeFuyjxYD+i 68P+tIkhBdlwVZfS inthecryptolane.com

Targets

- Target
  
  c71e8cd3e58eaeab5de7d296fa62fd6fcad415facc687629d71b25bab56550eb
- Size
  
  342KB
- MD5
  
  cd0e4cab67b7fd76ef5d6bdcb7f25a21
- SHA1
  
  a27ade3067d85e7ed462266b503caed5ef89d3dc
- SHA256
  
  c71e8cd3e58eaeab5de7d296fa62fd6fcad415facc687629d71b25bab56550eb
- SHA512
  
  c3ae7c68e14ddd2064c926d419ca88531d0344868792b81f8daab42c63aa28a096781fbb0cf38fd367cbf64d94ef073c17d17cef762b5e99bb110ebe00345195
- SSDEEP
  
  6144:ZBnbr9ZL8bW6Bg1GzljLDEkYiDifeaOcpTlSxbJ3bzGUAR6ZTu:HfL8bQalnDlRexQxNSlR7
Score

10^/10

formbook f4ca rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

Score

1^/10

behavioral1

formbookf4caratspywarestealertrojan

Score

10^/10

Sharing

General

Malware Config

Extracted

Targets

Formbook

Executes dropped EXE

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1