formbook | 9bdc185c4c52ab97921a7d99b7bfe6e22ac5be828d999b19e41983b3c79af0c9 | Triage

Sharing

General

Target

PI_4_5767189090436911808.js Pdf.exe
Size

1.0MB
Sample

221210-ktbbssfc35
MD5

8bd2de9e1f41c0914129b5751eabfbc7
SHA1

7d44cda92b3fa3b237091ce58e0e6e7b416fef91
SHA256

9bdc185c4c52ab97921a7d99b7bfe6e22ac5be828d999b19e41983b3c79af0c9
SHA512

2098eb4f8dbc6e19d1a8a7a9834af370f8d761fd3788afb6a96ba10cc6e5b2575a598e83833e0702a048667ac1a51a16611bb23e3d5b424d3a00ac6074c81ed8
SSDEEP

12288:+FfPpFLaKTy0qtEF2+ZFMISeJY564ALwCxcfWJAO0QDbesJmFPJIvFj3p/TSKyfi:2fPpF+Bt/+6v64/CJ0hF+Nj5rh

Score

10^/10

formbook a19i rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a19i

Decoy

onelovefungi.com

paperlesspoop.com

perfectsalaries.com

tutor-dashboard.com

canucksshine.com

brl-mo6.online

fathistudio.com

iptv-3.com

hbombmedia.com

ifizidi.com

dahuaguinee.com

jyrbz.com

aawwuk.com

aina.health

socialbod.com

27mk.top

gnomeswhognow.net

unrivaledpurpose.com

randy.cloud

referralcodesmarket.com

Targets

- Target
  
  PI_4_5767189090436911808.js Pdf.exe
- Size
  
  1.0MB
- MD5
  
  8bd2de9e1f41c0914129b5751eabfbc7
- SHA1
  
  7d44cda92b3fa3b237091ce58e0e6e7b416fef91
- SHA256
  
  9bdc185c4c52ab97921a7d99b7bfe6e22ac5be828d999b19e41983b3c79af0c9
- SHA512
  
  2098eb4f8dbc6e19d1a8a7a9834af370f8d761fd3788afb6a96ba10cc6e5b2575a598e83833e0702a048667ac1a51a16611bb23e3d5b424d3a00ac6074c81ed8
- SSDEEP
  
  12288:+FfPpFLaKTy0qtEF2+ZFMISeJY564ALwCxcfWJAO0QDbesJmFPJIvFj3p/TSKyfi:2fPpF+Bt/+6v64/CJ0hF+Nj5rh
Score

10^/10

formbook a19i rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

formbooka19iratspywarestealertrojan