formbook

General

Target

SecuriteInfo.com.Trojan.Garf.Gen.6.7190.31519.exe
Size

272KB
Sample

221213-e4tm8sde74
MD5

1d4d868cf4d8698f270a73cd58c7f41f
SHA1

1b16a35ff3b7656262ebdce1e2fdc0148ad3bf4e
SHA256

afb4878ecf77a506fee3c5d2b817d8197edd0df8baddb32563027023e6bf35cc
SHA512

7c5ffc0bbb762803b57899dc93055e29c60f4fbbf4577a76d3b81ca60a3a2f9c48c8e20abccc5e8aa009efe3261a96566b350caadac6793358b46e63c92543be
SSDEEP

6144:9kw0oUn1IawKrpSts87Jsaz1Dq5RIzEuSX205hfBO:goU1YKrpStsotDq5R89KrXs

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

scse

Decoy

SKpYFyVNT2zunKf0uuM=

FlEHUseI7I5XbrO8fR/XBcS9ZA==

FPuxoUOxkLiATugw

VKdxsDSk0jdT5Kw=

FpqHf9iI/1tl97E=

YGI6sIl3UIxfZvlD+JiUuuLR

oBAEO0suBEAD5aK00A==

RKJqTzg4gQ/Q6DYSuTjDGkwuyl0ik5Kb8w==

VFg9s3W0/Ype8A3cZb+D7g==

hwD+VNd6014nrsaTWm4FBcS9ZA==

zkAdUq1soKYUfZaTqLmL

XVQ9WbRivUIQ477a/hKv+g==

QireF2geizAwmp674AGc5g==

PSTUQxs6j8OATugw

LHJhyy2VbX8NEqf0uuM=

MiY1vg6T3HqATugw

wqkUjaVXnGgBqA==

jUr/eUtSIT01Wegt

PjQidcqKzAbSZICUZb+D7g==

OkAmcv12sUEAIHwFHakzdIo2FPHw

Targets

- Target
  
  SecuriteInfo.com.Trojan.Garf.Gen.6.7190.31519.exe
- Size
  
  272KB
- MD5
  
  1d4d868cf4d8698f270a73cd58c7f41f
- SHA1
  
  1b16a35ff3b7656262ebdce1e2fdc0148ad3bf4e
- SHA256
  
  afb4878ecf77a506fee3c5d2b817d8197edd0df8baddb32563027023e6bf35cc
- SHA512
  
  7c5ffc0bbb762803b57899dc93055e29c60f4fbbf4577a76d3b81ca60a3a2f9c48c8e20abccc5e8aa009efe3261a96566b350caadac6793358b46e63c92543be
- SSDEEP
  
  6144:9kw0oUn1IawKrpSts87Jsaz1Dq5RIzEuSX205hfBO:goU1YKrpStsotDq5R89KrXs
Score

10^/10

formbook scse persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2