formbook | 21e08bb00bf5a84ec339e16296437ef3f5fc98b93d62da5a2e26bebbb2eb5861 | Triage

Sharing

General

Target

SecuriteInfo.com.Trojan.PackedNET.1725.22096.15782.exe
Size

947KB
Sample

221208-rzp6gadc4v
MD5

fa16f4fdb2d9ad31bbb18a35ed5aa8e8
SHA1

9cbe9ad8ae95765033c303abe150cec63642c32a
SHA256

21e08bb00bf5a84ec339e16296437ef3f5fc98b93d62da5a2e26bebbb2eb5861
SHA512

06a71d2636af52bc63524cace2066f5e5287d4d68fbb5f7db6f965d6cddbc9b0d92340f8a1e938d2b11acb5eeeff2e5abd15b9e7ab15cb489df351936a74f943
SSDEEP

12288:k2lmLFCXGPtdUA7pY+ZmBjHUk+qTBcrovP4uo7T2TwmiaY+A7e6u6Z/knOY9y5NI:1YCWl9FhZmBHQronA7TwioA7cO9Lgx

Score

10^/10

formbook f9r5 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

f9r5

Decoy

teknotimur.com

zuliboo.com

remmingtoncampbell.com

vehicletitleloansphoenix.com

sen-computer.com

98731.biz

shelikesblu.com

canis-totem.com

metaversemedianetwork.com

adsdu.com

vanishmediasystems.com

astewaykebede.com

wszhongxue.com

gacha-animator-free.com

papatyadekorasyon.com

mqc168.top

simplebrilliantsolutions.com

jubileehawkesprairie.com

ridflab.com

conboysfilm.com

Targets

- Target
  
  SecuriteInfo.com.Trojan.PackedNET.1725.22096.15782.exe
- Size
  
  947KB
- MD5
  
  fa16f4fdb2d9ad31bbb18a35ed5aa8e8
- SHA1
  
  9cbe9ad8ae95765033c303abe150cec63642c32a
- SHA256
  
  21e08bb00bf5a84ec339e16296437ef3f5fc98b93d62da5a2e26bebbb2eb5861
- SHA512
  
  06a71d2636af52bc63524cace2066f5e5287d4d68fbb5f7db6f965d6cddbc9b0d92340f8a1e938d2b11acb5eeeff2e5abd15b9e7ab15cb489df351936a74f943
- SSDEEP
  
  12288:k2lmLFCXGPtdUA7pY+ZmBjHUk+qTBcrovP4uo7T2TwmiaY+A7e6u6Z/knOY9y5NI:1YCWl9FhZmBHQronA7TwioA7cO9Lgx
Score

10^/10

formbook f9r5 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookf9r5ratspywarestealertrojan

behavioral2

formbookf9r5ratspywarestealertrojan