formbook

General

Target

VESSEL_S_SPEC-BBN_SUPRA.exe
Size

351KB
Sample

221207-skbvzaad4v
MD5

359048b5dc3e27a1d81172b25d93d6b2
SHA1

9efff8dfb886f8bf8fac3d354f674f92e80aa8fe
SHA256

b48e1af2b9c183088065530dad02ce3b2d2a333e899017a34c1a817ed892eb73
SHA512

0d80c670f0734ac145b1499900e7d03946cb69901499a51ae1db9397d5dbae17ffa9c5e4150a35fe40d37edb5b8b2cc910e63f252c2d9f5bc2e95572b0d8d192
SSDEEP

6144:sh0f3Yw7yGailqh/WqbYjzA2MVu+ocixl5MgphAcy67gtgz4o2+2iOFn0pcccccI:Ss3Yw7yGJqYzAlVL8lnjPrgtg8ojF

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

ermr

Decoy

ErOK6LFCgNIAlQmH54oaYOL/CN29Z78=

qNSdDhu/PT/1fgafDagiCSZH1SY=

wLpPOAkYS8EABl3pHGc4hNT/Q1sHBrU=

jSxRvptHkeTGl7PT0SEmaZmjqzanuA==

b91oL+2wCcpyhnd6yvF6Pg==

mr81yp1/qqZX

hy7Xsz/PU/LWHMcGL4UYJx9n3A==

KlwrHt1gouPaXaWhoQ==

ng8M320IRJL9Ptw=

8GQbOXuaWxvKnNM=

XndOL7E5sNpVUNty4d/a

rryPBBC8PybYb+2h2MF3FHGL

kEoeyERSVCYO0g==

5/P+SBDby5hO

1fYXc30/h9W7iO17

34X+YKR+wRFE

8ir/X2MlVByh5lQ1ow8=

u9ikm2UMZ7J7hpCYow==

FLI+c3clp1BNDjVAfvC2Dnw=

t21Erq8/r09wAzAJTAH3Ng==

Targets

- Target
  
  VESSEL_S_SPEC-BBN_SUPRA.exe
- Size
  
  351KB
- MD5
  
  359048b5dc3e27a1d81172b25d93d6b2
- SHA1
  
  9efff8dfb886f8bf8fac3d354f674f92e80aa8fe
- SHA256
  
  b48e1af2b9c183088065530dad02ce3b2d2a333e899017a34c1a817ed892eb73
- SHA512
  
  0d80c670f0734ac145b1499900e7d03946cb69901499a51ae1db9397d5dbae17ffa9c5e4150a35fe40d37edb5b8b2cc910e63f252c2d9f5bc2e95572b0d8d192
- SSDEEP
  
  6144:sh0f3Yw7yGailqh/WqbYjzA2MVu+ocixl5MgphAcy67gtgz4o2+2iOFn0pcccccI:Ss3Yw7yGJqYzAlVL8lnjPrgtg8ojF
Score

10^/10

formbook ermr rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2