formbook | 99c56c4551be01e229f63d5159d90f28c0b3fc18e7beae133aeea99a07f7feeb | Triage

Sharing

General

Target

99c56c4551be01e229f63d5159d90f28c0b3fc18e7beae133aeea99a07f7feeb
Size

225KB
Sample

221206-r68w6abd2s
MD5

fc978e8e9d20edf8f2a0c4b157fe1920
SHA1

85dee7df3f6c544117cde35c89d058856fa5f559
SHA256

99c56c4551be01e229f63d5159d90f28c0b3fc18e7beae133aeea99a07f7feeb
SHA512

a6796ffb98031e85d7916f40eca661e2bdc7f76b5f29bed8d818420a1a060acf801c965cc347181c81e5458e72751d4c7e464aa4dd2ba4f7f10ca3d13650ec25
SSDEEP

6144:QBn14Fe6S294SbWAClQO5WkuJ9rkKwT/ZUyeok:g4Fe69IQO5+3krFw

Score

10^/10

formbook henz rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

henz

Decoy

IxWMb+jVsoinShuZJzk=

TPfKgQZ//oGnKr/J

EsK0WxD5kY65XOW1Td/5CxSUpCUytR7M

KebSmiCP9p8yUw==

HAt/ljkEuqMLHOLCi53Pv8MKX9qk

CY4ogZTwJc4vSw==

WWDIx5UYUDyepntE0YIAPca3/rI=

+Pkr01Lfb2rME7bL

S5nyK0p8jS2xdwQ=

W/oqvlO57LfkLcLHnQ==

zrrwtqkTLwxulm4l8FGopw==

AqucYext8bzFbOKthIm8E6gfVkUHxKY=

OfnjeDs78+RTcz4OHRl+

XKf1wwpZR5hLLjHgmUGOpQ==

JMyhSLoJPTCwn5o9zX2d8i1+

Wk54MBsDhWSVbnIRkQ==

7aaYR/tOhh9piTw5/KHSRwuK2iqgafw7pQ==

hH/EYxN+jC2xdwQ=

S0F4ORqDjS2xdwQ=

0o/UwXnuJ+sJp0cOHRl+

Targets

- Target
  
  99c56c4551be01e229f63d5159d90f28c0b3fc18e7beae133aeea99a07f7feeb
- Size
  
  225KB
- MD5
  
  fc978e8e9d20edf8f2a0c4b157fe1920
- SHA1
  
  85dee7df3f6c544117cde35c89d058856fa5f559
- SHA256
  
  99c56c4551be01e229f63d5159d90f28c0b3fc18e7beae133aeea99a07f7feeb
- SHA512
  
  a6796ffb98031e85d7916f40eca661e2bdc7f76b5f29bed8d818420a1a060acf801c965cc347181c81e5458e72751d4c7e464aa4dd2ba4f7f10ca3d13650ec25
- SSDEEP
  
  6144:QBn14Fe6S294SbWAClQO5WkuJ9rkKwT/ZUyeok:g4Fe69IQO5+3krFw
Score

10^/10

formbook henz rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookhenzratspywarestealertrojan