formbook | 7c0561d38ad8d30935cc4750ef54f86ae0e8fedd0858278b6a202cf9589ae4d5 | Triage

Sharing

General

Target

7c0561d38ad8d30935cc4750ef54f86ae0e8fedd0858278b6a202cf9589ae4d5
Size

336KB
Sample

221208-nf5v2acg6s
MD5

3b33c707e522fc9e706c62687387ddbc
SHA1

d98eb37e12d6d7b03fd94933ab5f7dc445c67477
SHA256

7c0561d38ad8d30935cc4750ef54f86ae0e8fedd0858278b6a202cf9589ae4d5
SHA512

7591fdefeff5a11fea8726d784a62229de33378f54cd27841647c53983fca87f055e40f6743bd62d7bb0493bd11b4d3a4c19529f890d924f6872d804b19c8695
SSDEEP

6144:9kwOU0Tna911TEwbdaqga1lpGC1xA67/jYUUEU6LrgJxet8ZJ8EGlu:Cf41y3ajpPA678UrU6LrgfeU8EGY

Score

10^/10

formbook ctap rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

ctap

Decoy

7fuiHU5O7pBugItrXtDlRbQzVNAypQ==

Ioe4Ezkvrkk5SljtGsXC

7SdYmzWqxYzoB10eYg==

87z12VKpqmy0nXHtGsXC

frPRoZR38nhTXl/tGsXC

JybcU3xwAWn21yEPd4XnKA==

B6LTKeV3SeQZAg==

9iFOJSEVtE+I6ea4tn6M72ANGm3K

bROuHdVCVl63QIZuI2etey+ugP0=

25FDh/Be3fhaReK+BwZm9aY+og==

ipYbazKawI7oB10eYg==

Y3ONgI2GHcStmm5WhEZCsE/GlNJovg==

NMjp1U2zzpPoB10eYg==

ZZOygHxoGkBxNTz1RnI=

Hy1dkswBcyQh

94qXZbB1+8ciD4Q=

JUhyQ8Fxl+4gBA==

7wuj4eTJFutgR7+k1R8mIA==

Nj3QJ1RBulY2AMS/1R8mIA==

LjFXk8zI5vgdq8N6ropiNA==

Targets

- Target
  
  7c0561d38ad8d30935cc4750ef54f86ae0e8fedd0858278b6a202cf9589ae4d5
- Size
  
  336KB
- MD5
  
  3b33c707e522fc9e706c62687387ddbc
- SHA1
  
  d98eb37e12d6d7b03fd94933ab5f7dc445c67477
- SHA256
  
  7c0561d38ad8d30935cc4750ef54f86ae0e8fedd0858278b6a202cf9589ae4d5
- SHA512
  
  7591fdefeff5a11fea8726d784a62229de33378f54cd27841647c53983fca87f055e40f6743bd62d7bb0493bd11b4d3a4c19529f890d924f6872d804b19c8695
- SSDEEP
  
  6144:9kwOU0Tna911TEwbdaqga1lpGC1xA67/jYUUEU6LrgJxet8ZJ8EGlu:Cf41y3ajpPA678UrU6LrgfeU8EGY
Score

10^/10

formbook ctap rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookctapratspywarestealertrojan