formbook

General

Target

altek inquiry_06122022.zip
Size

218KB
Sample

221206-qvapjscc96
MD5

2bf3625232c6fea632f5596b7b8c78f9
SHA1

e458490bd8ca63dfee245f16062e24b54a9cf74c
SHA256

bbfb7385cd800a7b207e56e43ab02d45363efd42467e265a19ae8c52d84ef9f6
SHA512

289ce66e6d05332ead79e3fd5df132929dd8e595cc7c47eda6f27428c74c134815cbe136cbbb730f2e37615d86f099f918a6044896419197c199e2ed02fd354f
SSDEEP

6144:k5Wh1/iv3Ux2vjeM5E4fR9hKWb8YPo9hU8CkP4Byio:kQh1qv3yfKFPTkPUyio

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

m5oe

Decoy

HdR8hG6r12hBYuHY4zv6YeeFPQ==

tD1V9gswYvgQXEGd

1xKtJ1LdqRYMRMC84U1A

MbhjiWb7Lz8z7KIWl3UyUIJwA6Tb

joVB5Xggy2RtE+odsZg=

TrduAIay6Y3SvoIK20xI

pSna7LOsXXwXT/zz3Iow4g==

QnthmO4Qst5gC3sDoA==

eAirzOOgO7SOCenz3Iow4g==

xg0uSbfLTg==

YWQXwyGRzPEHzGrDFE8CBSE=

ujLnfuXoH9dbgHIK20xI

291v0XsGFrYQXEGd

MRvTd/qMuaHpjCM=

X131fLC6VWX4MsvCb2IPjIfq8wlksWfg

Y9Bur8DbgqFt/Yni86MMCCE=

q6RTBmJkmy5pWTmmCCrvmuCDPw==

mQS26DojT+EQXEGd

sjHQ+Kav2Wx9FeodsZg=

JA24UKnTA5re1LhcQaVo/w==

Targets

- Target
  
  altek inquiry_06122022.exe
- Size
  
  240KB
- MD5
  
  57e28993ff25e296f1671cf08842bc72
- SHA1
  
  789a67ffbbfbdbd722371580a26f6bb39f86124f
- SHA256
  
  ef183500f8b2a320013adb7f7594aaf7562d43cfd17026f8c7a4cd26a243965a
- SHA512
  
  76820c62bb5f5ce2cbfcf98aaa8b6f2d1c3acb28aeb972b7039ce63e4bb0072867425477bf80ae09c4a11c1c14257d94a40d666aec782f01c4781ec1235d046c
- SSDEEP
  
  6144:xBnYpliv3Ux2/jeM5C4fR99KWb8YPo9hUCCkPBByiL:UpEv3yxKFPBkP3yiL
Score

10^/10

formbook m5oe rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2