formbook

General

Target

PaymentCopy121922.exe
Size

733KB
Sample

221219-kkaznshf4v
MD5

05271d119938959aad2d32404ef0d9cf
SHA1

1409bf13515044a066e694493182b7405ea6efaa
SHA256

6ff54e94c6557ae213d67159c8c8bbdc84079801ba263631f9c7a798f660eaad
SHA512

e313a4313611c66104563cc3dde78dd9869a5b5070082b3d859bdb96b493fdc2fdbab4014baa3ecc7196b3d44c6842f2f1f5b943e119ac316872bbaed911ec15
SSDEEP

12288:5xx2cHss/S+PsN2/fFac/uL9eEhkAEZC4Gf3acHVNc42xtAq:rx2cHs6SqHdaOuBEZC4u37Vm42nAq

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

snky

Decoy

AiMFvkl6+A4HEgZ99q5x4naN7lGmvJo=

tvj/KUTKeKgxszIemQ==

DTrTokBrjB5leF4=

tPeTOuIjJPtH

taxtMdIygEdpskxzOQ2ZjoAEeA==

CxLuaKAFRrJyuIqQUPbhZw==

Tn4fapT5kPmk1H0gpXQ=

h5p8hDqGSiRzdSbV

i3lg8tbRNRU6jC9pQSOxzHYZgpbnOKBx

EwbfBo6m+UXU2qaVUPbhZw==

WpeenFSMquJ3xXD1/b43

niV5qTFu3tfmcgrI

fqyyyElbdxWswJ7A

Lh7o92ZOr4ghbwvK

Y2RYMDue4x+KszIemQ==

lN3Y3z5AS85eah1MDvfFQQA=

uq+Oqh8MNRxHOOkqA9lqYEZZhJU=

FEtGDeGnnRoSQEM=

TkMlruotvsmtpFwg6shr03LjwMWGow==

7PGx8hNMep8EMj5Q39dsq16IbbaIrA==

Targets

- Target
  
  PaymentCopy121922.exe
- Size
  
  733KB
- MD5
  
  05271d119938959aad2d32404ef0d9cf
- SHA1
  
  1409bf13515044a066e694493182b7405ea6efaa
- SHA256
  
  6ff54e94c6557ae213d67159c8c8bbdc84079801ba263631f9c7a798f660eaad
- SHA512
  
  e313a4313611c66104563cc3dde78dd9869a5b5070082b3d859bdb96b493fdc2fdbab4014baa3ecc7196b3d44c6842f2f1f5b943e119ac316872bbaed911ec15
- SSDEEP
  
  12288:5xx2cHss/S+PsN2/fFac/uL9eEhkAEZC4Gf3acHVNc42xtAq:rx2cHs6SqHdaOuBEZC4u37Vm42nAq
Score

10^/10

formbook snky rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2