formbook

General

Target

Order #3682A.exe
Size

831KB
Sample

221210-f254xshg4w
MD5

6948508a9070fe89a4906e42d6cac4e2
SHA1

cd8242152d2c51192a8ae008bfde01c2d25b7e3f
SHA256

f4716cf29a2fa3ff5650ff6a4d35a26a5a534658fe7518fdf2c08554158db841
SHA512

607ffe31a6afde2a031653fa799699266ec8fd81c2167d6d528f1efddf56170d2bdc25b5ecc20aaa8e141c020feeda9bf2eb9d40cd7855c97119c6499ba07fdf
SSDEEP

12288:nc1jmaMqXWL34QDWSCyzM6UdloxgWRjB+FgKZ/nXt7virmWhlGLaQYI:c1qAM4QCgzxUdlJWRjB

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

n2hm

Decoy

XCeG4IxNKbAl

YzJWbnC+El84nA==

KAJcdmP8yEcO5LXPCFF42Wfb

I+J+xYO95GJQWVU=

GtgxPPv3FmQmhw==

Og9NYF4xEl+j7vGTR93xvg==

506Cg07bsT0G6yK+A96H0h35V+JLkwI=

wAYXFN+pSFIXgQ==

ijzLI/f+FmQmhw==

UfT2PweNm+w8

GQWVw5aZnfF/kS5e

30BKYjua9zcA7gAwsPUngLnjyrBNEgo=

AM65OrmyFmQmhw==

VSlTVxISZ4J/kS5e

GGKj6K33SRh6e0/YzT5nQGlK5CXRqw==

B9H98cUUfX+AWOqiTA==

MxVffWOIoVnM37zrd2sTaOY=

z6bxCgG/mGhR7oDzQA==

pQgSLSRi6AK3M/PdArpX

6rRRsYuSnXx/kS5e

Targets

- Target
  
  Order #3682A.exe
- Size
  
  831KB
- MD5
  
  6948508a9070fe89a4906e42d6cac4e2
- SHA1
  
  cd8242152d2c51192a8ae008bfde01c2d25b7e3f
- SHA256
  
  f4716cf29a2fa3ff5650ff6a4d35a26a5a534658fe7518fdf2c08554158db841
- SHA512
  
  607ffe31a6afde2a031653fa799699266ec8fd81c2167d6d528f1efddf56170d2bdc25b5ecc20aaa8e141c020feeda9bf2eb9d40cd7855c97119c6499ba07fdf
- SSDEEP
  
  12288:nc1jmaMqXWL34QDWSCyzM6UdloxgWRjB+FgKZ/nXt7virmWhlGLaQYI:c1qAM4QCgzxUdlJWRjB
Score

10^/10

formbook n2hm rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2