formbook

General

Target

PRODUCTS LIST INQUIRY.rar
Size

585KB
Sample

221206-qtqdlscc47
MD5

fd23b5b27a5cf0d20f26b985393258df
SHA1

21722e3293ffe7c241c0ad13b120cede6060217d
SHA256

18abbbcd5150e7160600c75a426fdeb95a69634a2071a60f92a9ed62163b9a87
SHA512

eceebfc62f24a43cee980bae4a39ffbce01bb9903b8feaf6b47f9232474c4bcfed64083af8279e40bf6e82ea4544e7b734c98317985624239f3d26ad14b88051
SSDEEP

12288:BvnBOBt8OMjpzRfRfea1yqVJJqpy8i8VUW0VVpTJBARvMKqnTzsZMPzDnLMzOco6:BvnBOBt8OM9zpRfeaQOJcUi1mTJ3bf6

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

0vh9

Decoy

kT0Usm0+fHGF7CkiArMh/tpf8d/XmQE=

0fmX7QILD44W+4BvafbZzOs=

cu0K8dW1ampaxA==

mMUbaeih2AfncJFGQQ==

hbUGHyjFfvGHWhfdzKFAKACZFug=

yjwyDLSAuuQScZpTEt/p0g==

QVOuL9rCqaSZBDn18NM=

80J9zt627lL0

dRXhSLjVSYyE2g==

QuSd7Qu7JmkOkqOTf9gC4P5d322R+Ak=

TGmyjSzk7VR50A==

Per96I1KSYyE2g==

smg9xW2N/NH8O5xPQw==

epfEwPC7ggR37cX39cc=

s2tPNeqhoGyRpCQevaVh

0HJrO9mYxtjW0m+nEfbZzOs=

9ppmyuPh6JiKX+17X/bZzOs=

wrxE0u6FSNp5RtFYT83Yj+s2sz4kyg==

y4FnMsyMjUo7DqoovqLXyw==

tWNC35fFQyZe1Mt7fAQyHuycNOs=

Targets

- Target
  
  PRODUCTS LIST INQUIRY.exe
- Size
  
  833KB
- MD5
  
  62dbf29de2b765943525b45e080c168a
- SHA1
  
  cd40c7a3ae6d2c6e2c7436eb5da2407d84f6cc7b
- SHA256
  
  52b739a0edc9a1a008131eedb6b9385e6aa99ea46e15ab65fa7e1045ec6908e2
- SHA512
  
  4059ebb5665670ba140a14aad5996407fe843bb19491b9f10a00e423c5e1332a8a325dd8fa4e438418d5ef1a451d749b19506c18cae4218161b140346d780a54
- SSDEEP
  
  12288:IckyiUw4N8guVN4P9OCEqrK40DafmmiVR2mqrYy6FjmaZgKZ/nXt7virmWhlGLak:bkyiN4GPVN4P9OFqu40DRRmY
Score

10^/10

formbook 0vh9 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2