formbook | 3dd65f1a69d9bfc66ac90f94418e7038bb7716f55b2b75b2926a1e026ebaa093 | Triage

Sharing

General

Target

3dd65f1a69d9bfc66ac90f94418e7038bb7716f55b2b75b2926a1e026ebaa093
Size

1.1MB
Sample

221208-cajvtsbf9x
MD5

78c60cf7fbdfb30416050544a80ab48e
SHA1

a3f2348dc1a1ad60f1cbdc269632da2b4245ac65
SHA256

3dd65f1a69d9bfc66ac90f94418e7038bb7716f55b2b75b2926a1e026ebaa093
SHA512

363a3637186a87a8f5beceec59e579b4ccae86f87ab5b3536ac5c0cfc49961e840a5f6de6bac567569a3aa1bcd280a1abac7ddcd102ba623cac8250f8868bdc0
SSDEEP

24576:cL4LJWJYb9gCJysH0sF/xikvcKw7xWho8L64:dLJWJceIFJho+Z

Score

10^/10

formbook wnoa rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

wnoa

Decoy

Anzfj8CstzWn/Ik=

BkhCB8WrOvIUcY78lw==

xEyLf4okJGEBag18DTzNfYc8/tJTCyY=

L8YF7D0dJmDN2XbqnL6BMPM=

pLq2gHn54xib667ul/0cGeUUZA==

bKjcinHr8mKS6qLfjA==

n/YN69yEx3KoUAU52DiE+IS5ItJTCyY=

BRQILrmcFxdJkIE=

e7itYBn9mZWx1FOTUzskZA==

e7Gqlb+Fsy3d+bramPc=

SV5QF+PEQe4c7onu

F6D7r3RAggSr98cs+mWjCY/KQw53Diw=

lqixnJdBnCAJdelB0L6BMPM=

N8Y0Fx2lwnaYJNQg4iUaGeUUZA==

4tF/NC6/DfUpRbGngLVx

oLuerEDAN+8c7onu

hpiWgzD7vb4c7onu

twgjE4g2SQIjRbGngLVx

G26ZgMF1Wp4/iTtpPm9sMvU=

SQaUJPgO/kyg

Targets

- Target
  
  3dd65f1a69d9bfc66ac90f94418e7038bb7716f55b2b75b2926a1e026ebaa093
- Size
  
  1.1MB
- MD5
  
  78c60cf7fbdfb30416050544a80ab48e
- SHA1
  
  a3f2348dc1a1ad60f1cbdc269632da2b4245ac65
- SHA256
  
  3dd65f1a69d9bfc66ac90f94418e7038bb7716f55b2b75b2926a1e026ebaa093
- SHA512
  
  363a3637186a87a8f5beceec59e579b4ccae86f87ab5b3536ac5c0cfc49961e840a5f6de6bac567569a3aa1bcd280a1abac7ddcd102ba623cac8250f8868bdc0
- SSDEEP
  
  24576:cL4LJWJYb9gCJysH0sF/xikvcKw7xWho8L64:dLJWJceIFJho+Z
Score

10^/10

formbook wnoa rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookwnoaratspywarestealertrojan

behavioral2

formbookwnoaratspywarestealertrojan