formbook

General

Target

SecuriteInfo.com.Heur.MSIL.Bladabindi.1.3458.18067.exe
Size

820KB
Sample

230104-keqg6sac5s
MD5

5497af6f553312b23c217ac67fb68f75
SHA1

6577a07e5f4f7d61781bf8e5d36048d0d83c2e16
SHA256

341a04c9291e3c8abdf73234d07209be2d0a7a26bbf156e1c768eb0fa927cb89
SHA512

a0b0c60ef3ef138d79b32bf7e70b8ddd15b86cfa55dd2a90dfd108424f6bc1629433885dda4f02efb4e98e385753554bd8731a69b392ab90a7e180253d62bfb6
SSDEEP

12288:omyJYTpBMlzqvrzuBBQ0505r0L3lSVVdvmJn1s+GJb6Q0T4HBUJ1vU8:ryJYwYiBQ05uAL3lSXd6BGJbc37

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gune

Decoy

artentarn.net

allstarpurchaslng.com

lendhave.quest

3yza.com

qpyikn.shop

play-fortuna-win-15.top

jaspergirl.store

naranjacanelaymiel.online

hiddenvalley-farms.com

gas-grills-66023.com

fp-wp.com

livepix.ltda

liholagroup.com

erlinjobs.com

doctorhooper.net

sggwmdkk.shop

ujuyzw.shop

gameclubzeed.com

myhomewish.com

ontopageone.com

Targets

- Target
  
  SecuriteInfo.com.Heur.MSIL.Bladabindi.1.3458.18067.exe
- Size
  
  820KB
- MD5
  
  5497af6f553312b23c217ac67fb68f75
- SHA1
  
  6577a07e5f4f7d61781bf8e5d36048d0d83c2e16
- SHA256
  
  341a04c9291e3c8abdf73234d07209be2d0a7a26bbf156e1c768eb0fa927cb89
- SHA512
  
  a0b0c60ef3ef138d79b32bf7e70b8ddd15b86cfa55dd2a90dfd108424f6bc1629433885dda4f02efb4e98e385753554bd8731a69b392ab90a7e180253d62bfb6
- SSDEEP
  
  12288:omyJYTpBMlzqvrzuBBQ0505r0L3lSVVdvmJn1s+GJb6Q0T4HBUJ1vU8:ryJYwYiBQ05uAL3lSXd6BGJbc37
Score

10^/10

formbook gune rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2