formbook

General

Target

50ac8fd3c79049dc16386fe5cba4f734.bin
Size

237KB
Sample

230116-y2dnsach29
MD5

fd339ed90559dc2bdcdabfd61a37986f
SHA1

3ddf798643619be11c40706aeebef8778df09986
SHA256

e10b38a2a26a1f63a92ed283aabc8aaa3e630a37be1c101a073dc6d1a556dd94
SHA512

29f8dd82ebf2b5f848f394442452a440dfcb63df22402f16f93d194b03de402b699c72a45086d252863446f272910dd946f8de4d7909788f3f30f74d058b7232
SSDEEP

6144:Bo3Zjh0NS5XLQy//qBtKjZw2zfyUl8QG5yQpLmimAYheBctK:G3ZjMoUMqmjZwAqM8RPyAweBaK

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

scse

Decoy

SKpYFyVNT2zunKf0uuM=

FlEHUseI7I5XbrO8fR/XBcS9ZA==

FPuxoUOxkLiATugw

VKdxsDSk0jdT5Kw=

FpqHf9iI/1tl97E=

YGI6sIl3UIxfZvlD+JiUuuLR

oBAEO0suBEAD5aK00A==

RKJqTzg4gQ/Q6DYSuTjDGkwuyl0ik5Kb8w==

VFg9s3W0/Ype8A3cZb+D7g==

hwD+VNd6014nrsaTWm4FBcS9ZA==

zkAdUq1soKYUfZaTqLmL

XVQ9WbRivUIQ477a/hKv+g==

QireF2geizAwmp674AGc5g==

PSTUQxs6j8OATugw

LHJhyy2VbX8NEqf0uuM=

MiY1vg6T3HqATugw

wqkUjaVXnGgBqA==

jUr/eUtSIT01Wegt

PjQidcqKzAbSZICUZb+D7g==

OkAmcv12sUEAIHwFHakzdIo2FPHw

Targets

- Target
  
  ab70079bd5d9f38db26ee66651c5eb37fa85fb7d42461cde2fc84bdb8df15e41.exe
- Size
  
  248KB
- MD5
  
  50ac8fd3c79049dc16386fe5cba4f734
- SHA1
  
  7400121311b7280b4030c96cfbb1dcc46a0c7963
- SHA256
  
  ab70079bd5d9f38db26ee66651c5eb37fa85fb7d42461cde2fc84bdb8df15e41
- SHA512
  
  69ff72c8ac037b470d5789db2c738f9aea82b7e263763f59e85da591ff8795a6bffb16329a69b361998964343b7102f42d389feb12aa3a4fcfddb08f1f4242cd
- SSDEEP
  
  6144:Lkw+cH+ONtOz2xxtnwWsJZCnTK6uQQS5BjX85tCW:feONtlfWFCnTK6Qkotf
Score

10^/10

formbook scse persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2