formbook

General

Target

338beb0d3fe9cf2946527108a44d24b8
Size

601KB
Sample

221208-bd9d8agf66
MD5

338beb0d3fe9cf2946527108a44d24b8
SHA1

c2545a831bd37190ca8fe20e53346da6693a8d48
SHA256

28dcfab7a0d5e305ef2c14bb3e0fc88d9fba7e38affd2a4fd89ab32c103add38
SHA512

638d3d6d6a8c0ef9f97183c95aad8016ab791ea264a0717c86639c397eb4b90206893ec4d9ab43b18966cea771b614d604c3c9d8e7d1feb428f6657c31ae56a3
SSDEEP

12288:gRmlQghT+BJnaHG72c1KRkswZIIQe8z94vd2:gwge6JcCsmIIWwk

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

elhb

Decoy

BxGzoacPQ3mFBGhbtixjHOm2l30=

dTRqRkWfuBbGMmsPJA==

Pix+zpOG6+Gk

N+3dNZ0ZjOtrRnnj

xUv06VOm45P441HWCmmfSum2l30=

Sx5JuwMfaRrJdK3r

cgU6nPNKa14KC4K40cp4wbkm/KpzfwM=

rV8A2UGJrlbYxa48P40=

Gz3szbYLIYI6l+4=

QU3ru637P+U4itwRQ3n7n2c=

DdkGzbEPU4Fy4h2bZLVXNzz0

QPUo8R5qn9KUnhRRtmVY8/Zp5Xw=

q+EX7juJsVR79msRSnsUxg==

/34eEpvsLS8lw7uom5U=

HEVrEXHlHMlNNp9IlsY+0Q==

KZ/SIWnI7eeog+pwY9uAw+PmmhfjXQ==

Kdn7YMcoXYWjHId+0jhkHem2l30=

R7lnYeAfO1MUHIWyz9c/aoIvHxSvQA==

P7ZYVqmG6+Gk

hlk7m1hdnb0=

Targets

- Target
  
  338beb0d3fe9cf2946527108a44d24b8
- Size
  
  601KB
- MD5
  
  338beb0d3fe9cf2946527108a44d24b8
- SHA1
  
  c2545a831bd37190ca8fe20e53346da6693a8d48
- SHA256
  
  28dcfab7a0d5e305ef2c14bb3e0fc88d9fba7e38affd2a4fd89ab32c103add38
- SHA512
  
  638d3d6d6a8c0ef9f97183c95aad8016ab791ea264a0717c86639c397eb4b90206893ec4d9ab43b18966cea771b614d604c3c9d8e7d1feb428f6657c31ae56a3
- SSDEEP
  
  12288:gRmlQghT+BJnaHG72c1KRkswZIIQe8z94vd2:gwge6JcCsmIIWwk
Score

10^/10

formbook elhb rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2