formbook | 21de76383c20f46e5991d16ecdccaf0f6ba0df011034e33ad17afc5cb7f1f6a3 | Triage

Sharing

General

Target

21de76383c20f46e5991d16ecdccaf0f6ba0df011034e33ad17afc5cb7f1f6a3
Size

270KB
Sample

221207-cqxfvsaa2s
MD5

54cb6b6a5eecc9c52283c1838a5a0d14
SHA1

0f9d660e95817a474cf866163d61ff6afde223fd
SHA256

21de76383c20f46e5991d16ecdccaf0f6ba0df011034e33ad17afc5cb7f1f6a3
SHA512

3308a4e8086948278daab24dea250dbf5b90df35466749fcc4126969132710beec581deed2c2fad1b99713016d232ec141675f1a3409bb92b177032bcebba72f
SSDEEP

6144:QBn1JYjUZI4r4lx3n5ssS0gVxdszEU0kXBgvsAZ/sEuRYSwq:gOiIblxXGsS00dszpXXqv/h+YSwq

Score

10^/10

formbook henz rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

henz

Decoy

IxWMb+jVsoinShuZJzk=

TPfKgQZ//oGnKr/J

EsK0WxD5kY65XOW1Td/5CxSUpCUytR7M

KebSmiCP9p8yUw==

HAt/ljkEuqMLHOLCi53Pv8MKX9qk

CY4ogZTwJc4vSw==

WWDIx5UYUDyepntE0YIAPca3/rI=

+Pkr01Lfb2rME7bL

S5nyK0p8jS2xdwQ=

W/oqvlO57LfkLcLHnQ==

zrrwtqkTLwxulm4l8FGopw==

AqucYext8bzFbOKthIm8E6gfVkUHxKY=

OfnjeDs78+RTcz4OHRl+

XKf1wwpZR5hLLjHgmUGOpQ==

JMyhSLoJPTCwn5o9zX2d8i1+

Wk54MBsDhWSVbnIRkQ==

7aaYR/tOhh9piTw5/KHSRwuK2iqgafw7pQ==

hH/EYxN+jC2xdwQ=

S0F4ORqDjS2xdwQ=

0o/UwXnuJ+sJp0cOHRl+

Targets

- Target
  
  21de76383c20f46e5991d16ecdccaf0f6ba0df011034e33ad17afc5cb7f1f6a3
- Size
  
  270KB
- MD5
  
  54cb6b6a5eecc9c52283c1838a5a0d14
- SHA1
  
  0f9d660e95817a474cf866163d61ff6afde223fd
- SHA256
  
  21de76383c20f46e5991d16ecdccaf0f6ba0df011034e33ad17afc5cb7f1f6a3
- SHA512
  
  3308a4e8086948278daab24dea250dbf5b90df35466749fcc4126969132710beec581deed2c2fad1b99713016d232ec141675f1a3409bb92b177032bcebba72f
- SSDEEP
  
  6144:QBn1JYjUZI4r4lx3n5ssS0gVxdszEU0kXBgvsAZ/sEuRYSwq:gOiIblxXGsS00dszpXXqv/h+YSwq
Score

10^/10

formbook henz rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookhenzratspywarestealertrojan