formbook

General

Target

DHL AWB-5024310182_061222.exe
Size

788KB
Sample

221206-rmvkeshf7z
MD5

4bc8ce54beb8016d78f09425034b3d03
SHA1

8a3f23548ac66a45a5fba76561757df9bb301c8b
SHA256

ec4741cb3671f0c7563788e27e03fd2cfae2b7470108cbf9e1603b138d034a11
SHA512

2f24cb9e3246826dd851723de0ecfcc561621c8ebe0111d509e1d42fa69967b49ad9f288d2e172a7b56744368d91344da0cacfc7bdfd8b568e20da56c94d6711
SSDEEP

24576:momxiPQFQNWbvquj44kgP6Y/mXYGAsjl:moKmQSNWbvn4hs/y

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

d8ax

Decoy

wQDD4HkJc+vErnk=

j7vdn039QTY5Gcs43SDb8R4gwLgFCI7s

ZqPN0enMl4As

kKK00fOMq6KZmHv6kZjEiTm3l1o=

CxCTti/0Dcs5qly/AVHoTg==

5TwVtD3wcevErnk=

/ieoWNXMl4As

caK67QvHGhmiEuKpidX2RA==

Bbyy3J6D1Qw=

LV5N2gOocvpbA/OB/w==

k7k2OMNsBY67libDOi4=

wuDokhS1jLo4mA==

RVGz6anMl4As

la40BCHFwoI/rpugbdoaWQ==

XmVnfY0nNACG5si5u8Ds6F79xw==

dpyQTuytl0/bShsFIYUaHRzIL4quYwxgTA==

yvmesDDPpTSrLhf5GlvvdaCZekhAsg==

obTEXhervaSWkSbDOi4=

ClZogXcOT1DcPyvgOKJM

Drlokv/cjLo4mA==

Targets

- Target
  
  DHL AWB-5024310182_061222.exe
- Size
  
  788KB
- MD5
  
  4bc8ce54beb8016d78f09425034b3d03
- SHA1
  
  8a3f23548ac66a45a5fba76561757df9bb301c8b
- SHA256
  
  ec4741cb3671f0c7563788e27e03fd2cfae2b7470108cbf9e1603b138d034a11
- SHA512
  
  2f24cb9e3246826dd851723de0ecfcc561621c8ebe0111d509e1d42fa69967b49ad9f288d2e172a7b56744368d91344da0cacfc7bdfd8b568e20da56c94d6711
- SSDEEP
  
  24576:momxiPQFQNWbvquj44kgP6Y/mXYGAsjl:moKmQSNWbvn4hs/y
Score

10^/10

formbook d8ax rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2