formbook

General

Target

5b0ad70962c30c5d8121d9952c0115449253afc64eee634b73ef544692d1dddf.exe
Size

344KB
Sample

221208-n31jtsch3y
MD5

4c81a87e0db78ea6a775bef1503d6ec0
SHA1

e11930e6e07c9c17aaa53512a28e63859545f486
SHA256

5b0ad70962c30c5d8121d9952c0115449253afc64eee634b73ef544692d1dddf
SHA512

66001fddb953d6bd178b780e23ccc0ac4f94b4c4157f028995d5b3e0c548982fcb285ec1968cb75a11d838494b34df431b6d7f9d63d7d50d17e42b40e85a184a
SSDEEP

6144:QBn1ARf0fEEreo2gSo66il6s6DZBvNhMwALYT5Eme/OqZbklOExYi6UZS/P:gAx4EECb3oCH6NBBoSA/OeQ/xK28P

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

sdq4

Decoy

M/NxSqNc5vEVvfXWWA==

X0Q2HDisLuzoYHfD/mIcqVDnOotmMQ==

rpEiJ3YmytzsKpdRm4BC7C+2Tw==

fm8cTFjP2FWL2pX5CMjb

5ZhWW5wmXtrmLgrzSjT6uhFBjJHnOQ==

x7J40079eC34LH47UXg5nQ==

ZP8X4tob2taHVprY6DY=

a1jaSE2/8CrzM/8SUXg5nQ==

f5NPHDH65GxGSnZkngvT

IgmQAMCztfqJvfXWWA==

g1+wuFVS/tReSfENUXg5nQ==

SivMIukaJaRo0q8C

LQ9gYduaQQzUE5rY6DY=

TwJTqpALLLkbSI8=

uGsh+xbSG/Cg0Eqd1i8=

p1gOxrnIf1QXDg==

6cuOoOaSRhDQEprY6DY=

nIVfX649g7xtvfXWWA==

RiWd3WQpq7DSGJrY6DY=

ESeuyPlUh40hEw==

Targets

- Target
  
  5b0ad70962c30c5d8121d9952c0115449253afc64eee634b73ef544692d1dddf.exe
- Size
  
  344KB
- MD5
  
  4c81a87e0db78ea6a775bef1503d6ec0
- SHA1
  
  e11930e6e07c9c17aaa53512a28e63859545f486
- SHA256
  
  5b0ad70962c30c5d8121d9952c0115449253afc64eee634b73ef544692d1dddf
- SHA512
  
  66001fddb953d6bd178b780e23ccc0ac4f94b4c4157f028995d5b3e0c548982fcb285ec1968cb75a11d838494b34df431b6d7f9d63d7d50d17e42b40e85a184a
- SSDEEP
  
  6144:QBn1ARf0fEEreo2gSo66il6s6DZBvNhMwALYT5Eme/OqZbklOExYi6UZS/P:gAx4EECb3oCH6NBBoSA/OeQ/xK28P
Score

10^/10

formbook sdq4 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2