formbook | b66fc3c8f01ea488838e57cda4157b5ec8d3398b321fcc68bdb9d7ce397486f5 | Triage

Sharing

General

Target

FATURA ÖDEMESİ.exe
Size

857KB
Sample

221207-n2wt9ahb41
MD5

66ed7ba0a4ca21ace023480e4015a9e3
SHA1

5de079ca99452414f7c68a985e9b114a16bf3f94
SHA256

b66fc3c8f01ea488838e57cda4157b5ec8d3398b321fcc68bdb9d7ce397486f5
SHA512

4319d634180de8a14f2bdb652a132ef1649ce05018b8f86f47b09ded7c5b20fd1691648539095276c46f7e35823b5f81d0d2dd8af353a523788828c81acbf1f1
SSDEEP

12288:y+oQgKZ/nXt7virmWhlGLaQYIIjmas5JGXylk+mphdWvzAtpexqlI9aDc7nH6Py:y/u/PlbmperA5IBH6Pq/M9

Score

10^/10

formbook gs25 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gs25

Decoy

real-food.store

marketdatalibrary.com

jolidens.space

ydental.info

tattoosbyjayinked.com

buytradesellpei.com

61983.xyz

identitysolver.xyz

mgfang.com

teizer.one

staychillax.com

ylanzarote.com

workte.net

maukigato.shop

coolbag.site

btya1r.com

dkhaohao.shop

zugaro.xyz

boon168.com

xn--80aeegahlwtdkp.com

Targets

- Target
  
  FATURA ÖDEMESİ.exe
- Size
  
  857KB
- MD5
  
  66ed7ba0a4ca21ace023480e4015a9e3
- SHA1
  
  5de079ca99452414f7c68a985e9b114a16bf3f94
- SHA256
  
  b66fc3c8f01ea488838e57cda4157b5ec8d3398b321fcc68bdb9d7ce397486f5
- SHA512
  
  4319d634180de8a14f2bdb652a132ef1649ce05018b8f86f47b09ded7c5b20fd1691648539095276c46f7e35823b5f81d0d2dd8af353a523788828c81acbf1f1
- SSDEEP
  
  12288:y+oQgKZ/nXt7virmWhlGLaQYIIjmas5JGXylk+mphdWvzAtpexqlI9aDc7nH6Py:y/u/PlbmperA5IBH6Pq/M9
Score

10^/10

formbook gs25 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookgs25ratspywarestealertrojan

behavioral2

formbookgs25ratspywarestealertrojan