formbook

General

Target

Invoice.exe
Size

993KB
Sample

221209-rk4qbagb81
MD5

6f4d64fcfbc82b91eb1f5e9fcffd15d3
SHA1

1ebe973942db3da29de1dc292b8a0c8601f1e7a0
SHA256

b747df969c4c80638e92b68759a8ced53c3d14bf705ad0fece792a566c9f3de9
SHA512

073b24ff9c67c8005419678674f2aa79b72a38566a5496023def857379a7a2b8e4468d3f2803da81900eb3c8d80809e6d9a20fea2ef9c7a94f726f27cabc038c
SSDEEP

24576:LIfkZ8IvMSd+WmvcGi+Dgr1hJsOSt3RpLJjpF:LNhvgOGNDO7Hyp

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

wu27

Decoy

69/AbbgufRx7loCQ5G4WYQ==

uydiDFvHsFxlIrdq

NBlmCe8ii+DEa2ye5G4WYQ==

LicGnHCl/UZ2UMg=

e2lQ8e1lsXvAeX+U5G4WYQ==

2bF/M54rOGusdYqc5G4WYQ==

mQLidD9i82JIsrqysw==

ZdlDYrcsl/L9eH+U5G4WYQ==

80ucyjCJdqXkcNI=

/eg6aKbVvNkwOcxzZyAx3cCTN5E=

lflaF0MvE+fHXoWmrg==

qRfykIXbxMkND1kwe3I=

s6iSNSVOMwnpvFDxdFLlOfqBMw==

imkLObSlIdc=

oBUBm36yNaZ99JYxenA=

ngFE7+IP8Te6N75o

O6Htl8Oyjb0Msrqysw==

f4JgCEnC0LEC9w==

9+dNeq/hVxaAhxzT1pbgzZ2mb3Nf

980jQpYF3y1wMomLfWU=

Targets

- Target
  
  Invoice.exe
- Size
  
  993KB
- MD5
  
  6f4d64fcfbc82b91eb1f5e9fcffd15d3
- SHA1
  
  1ebe973942db3da29de1dc292b8a0c8601f1e7a0
- SHA256
  
  b747df969c4c80638e92b68759a8ced53c3d14bf705ad0fece792a566c9f3de9
- SHA512
  
  073b24ff9c67c8005419678674f2aa79b72a38566a5496023def857379a7a2b8e4468d3f2803da81900eb3c8d80809e6d9a20fea2ef9c7a94f726f27cabc038c
- SSDEEP
  
  24576:LIfkZ8IvMSd+WmvcGi+Dgr1hJsOSt3RpLJjpF:LNhvgOGNDO7Hyp
Score

10^/10

formbook wu27 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2