formbook | 12a921f6abb929d4f8b28924868dcc468299e44745c37db3aa7e4ac9bfe38869 | Triage

Sharing

General

Target

12a921f6abb929d4f8b28924868dcc468299e44745c37db3aa7e4ac9bfe38869
Size

334KB
Sample

221207-pkn9hseh38
MD5

2b087c00777a630a4100c122f4687783
SHA1

618f5bf8bea9d2c431c4389c18e2dd91082a0d67
SHA256

12a921f6abb929d4f8b28924868dcc468299e44745c37db3aa7e4ac9bfe38869
SHA512

cb47508cf530de56e1c2317351eca84b832d431a516c4da2676855e6d76fc6d06b4b328d4c7ece2ff7ccc54acf04644a1f30e4e8b8067dc9889f4a7a32eaa37b
SSDEEP

6144:QBn1W74u851+xu+La/EZ4sAR7Im/VvQgUJ5IBjiIQ1XhXXMaXTEZ2iaH4hY:gW7OgxLLaE2R7IwY5MjinzEoPHKY

Score

10^/10

formbook henz rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

henz

Decoy

IxWMb+jVsoinShuZJzk=

TPfKgQZ//oGnKr/J

EsK0WxD5kY65XOW1Td/5CxSUpCUytR7M

KebSmiCP9p8yUw==

HAt/ljkEuqMLHOLCi53Pv8MKX9qk

CY4ogZTwJc4vSw==

WWDIx5UYUDyepntE0YIAPca3/rI=

+Pkr01Lfb2rME7bL

S5nyK0p8jS2xdwQ=

W/oqvlO57LfkLcLHnQ==

zrrwtqkTLwxulm4l8FGopw==

AqucYext8bzFbOKthIm8E6gfVkUHxKY=

OfnjeDs78+RTcz4OHRl+

XKf1wwpZR5hLLjHgmUGOpQ==

JMyhSLoJPTCwn5o9zX2d8i1+

Wk54MBsDhWSVbnIRkQ==

7aaYR/tOhh9piTw5/KHSRwuK2iqgafw7pQ==

hH/EYxN+jC2xdwQ=

S0F4ORqDjS2xdwQ=

0o/UwXnuJ+sJp0cOHRl+

Targets

- Target
  
  12a921f6abb929d4f8b28924868dcc468299e44745c37db3aa7e4ac9bfe38869
- Size
  
  334KB
- MD5
  
  2b087c00777a630a4100c122f4687783
- SHA1
  
  618f5bf8bea9d2c431c4389c18e2dd91082a0d67
- SHA256
  
  12a921f6abb929d4f8b28924868dcc468299e44745c37db3aa7e4ac9bfe38869
- SHA512
  
  cb47508cf530de56e1c2317351eca84b832d431a516c4da2676855e6d76fc6d06b4b328d4c7ece2ff7ccc54acf04644a1f30e4e8b8067dc9889f4a7a32eaa37b
- SSDEEP
  
  6144:QBn1W74u851+xu+La/EZ4sAR7Im/VvQgUJ5IBjiIQ1XhXXMaXTEZ2iaH4hY:gW7OgxLLaE2R7IwY5MjinzEoPHKY
Score

10^/10

formbook henz rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookhenzratspywarestealertrojan