formbook

General

Target

3305e6f47a497c5a157f92bb6a062af2a257121e93e0914bd771f09d550f5a83.exe
Size

352KB
Sample

221206-pnbslabh6z
MD5

cd5033888dd7ee1ccab2ca5dc6e08f11
SHA1

041a2832b6f88a8eb5f58cea0c6da87e5639a8a5
SHA256

3305e6f47a497c5a157f92bb6a062af2a257121e93e0914bd771f09d550f5a83
SHA512

4740129d37b9d4b6f75eeaa47bba84fededb4489a46ee111f72c0a444697d07d0c022d049328ca523bb4eea426f8ee3d3737cb954dfd51598de18a3dd5084a94
SSDEEP

6144:PBnyL0v+1l/iTZ5zA/KHJyroHK6T9Pe31ILRlG+tKgZBEypNQr8:44v+7is/KHEIeGrG1gZ+6U8

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

m8on

Decoy

5RDJg6PD8b8/lg==

z+6tEasghyxTRlAm8HeF0rCTn4HchcIaMA==

hY6JDp4OeFclIzg=

2n/nBKEMvlUg

TQnCBZUdgFclIzg=

RoBCgR5KI0aa5rrVt24Bn6zPykA=

sEG8UAyhFJVnVdUp6H2hncgEew==

g0futs/jzu99IJgM4A==

YifLj6YLs642v7/UXiXF

QN+IobKqkqUncrCskFgnesA=

/cRBHQXRQVgBWgiVOUed3g==

2OOiy0XNMs/jyhGljU3Y

EMu0wdnLtMtMj+2FSr8=

04k8CS/jXna1wGgYsjVaGck=

ixeHKD9bM9/N24ED8merIyfKD1g=

ARzXDqXXoaUyQdMl9Q==

RAOPg5J5ex0kS04Z

gbJpkQiD2oNFlymBQBFguUYz

hosWDpYs4Hg5

xIE4IzUZ7xKqPJgN6A==

Targets

- Target
  
  3305e6f47a497c5a157f92bb6a062af2a257121e93e0914bd771f09d550f5a83.exe
- Size
  
  352KB
- MD5
  
  cd5033888dd7ee1ccab2ca5dc6e08f11
- SHA1
  
  041a2832b6f88a8eb5f58cea0c6da87e5639a8a5
- SHA256
  
  3305e6f47a497c5a157f92bb6a062af2a257121e93e0914bd771f09d550f5a83
- SHA512
  
  4740129d37b9d4b6f75eeaa47bba84fededb4489a46ee111f72c0a444697d07d0c022d049328ca523bb4eea426f8ee3d3737cb954dfd51598de18a3dd5084a94
- SSDEEP
  
  6144:PBnyL0v+1l/iTZ5zA/KHJyroHK6T9Pe31ILRlG+tKgZBEypNQr8:44v+7is/KHEIeGrG1gZ+6U8
Score

10^/10

formbook m8on phishing rat spyware stealer trojan
- Detected phishing page
  phishing
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detected phishing page

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2