formbook | 8c86c2c68e14eef2ac6a63da35633b309ef75e7f818a6bf935e56471ed5dae53 | Triage

Sharing

General

Target

8c86c2c68e14eef2ac6a63da35633b309ef75e7f818a6bf935e56471ed5dae53
Size

384KB
Sample

230202-qm3qcsae4w
MD5

ea0406dc2d0cfd68f8620e462406a819
SHA1

aca8beb5b8055efb907e600f0ac51160aee5a548
SHA256

8c86c2c68e14eef2ac6a63da35633b309ef75e7f818a6bf935e56471ed5dae53
SHA512

34c8d16d7a1e54d81eec84c4b4e9bb3b11388bf97317b6d1d0eb396534497c6d490fd43f75c83fde87b7d8aac307fa98b874686a4d42273e20a708f1cc8b24aa
SSDEEP

6144:jYa6yIgee0WsmHcrkflbDpIHTsxLB047a/wlz9POTaZX7UWzkaJqxB:jY1gAFmHc6YgHh7a+pOmX7UyI

Score

10^/10

formbook dcn0 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

dcn0

Decoy

ZVx68vDtAMBCwg==

oBMBvsNORkM/O/ox

Ff9pISWkm6eG4lByIspp

c2T42c6CIIF6B8xTxm9XzpVw

bvjhxRbnAC183w==

0lTttSNG4HUDNflyIspp

hPXFlstqiHA/O/ox

WLR+MeerxZ0cNn1ja+IQAYo=

IHRn4xXOVKi477zarG+ObSy7YJA=

Xhf3e+tdAC183w==

Xk0ZAezv2rWH

kngo+vBeSRN7AszNwam3Osmguuqc0MoC

a2Qp7a+E8fSw7LDjpnqEKjsRZA==

3zjy4E7+QM48wg==

YcCmqT3OUNAigVott2pBKiy7YJA=

4+SMeX1juat/5cZ1AZihcyy7YJA=

/+m7sro0OBTl3TMpCw==

i2ctEfe4//a64yklMsgS2J90

+loZ2QKGX0UWgpvErMs=

b9BNCnJWQJS8IfsR0uR3bCy7YJA=

Targets

- Target
  
  8c86c2c68e14eef2ac6a63da35633b309ef75e7f818a6bf935e56471ed5dae53
- Size
  
  384KB
- MD5
  
  ea0406dc2d0cfd68f8620e462406a819
- SHA1
  
  aca8beb5b8055efb907e600f0ac51160aee5a548
- SHA256
  
  8c86c2c68e14eef2ac6a63da35633b309ef75e7f818a6bf935e56471ed5dae53
- SHA512
  
  34c8d16d7a1e54d81eec84c4b4e9bb3b11388bf97317b6d1d0eb396534497c6d490fd43f75c83fde87b7d8aac307fa98b874686a4d42273e20a708f1cc8b24aa
- SSDEEP
  
  6144:jYa6yIgee0WsmHcrkflbDpIHTsxLB047a/wlz9POTaZX7UWzkaJqxB:jY1gAFmHc6YgHh7a+pOmX7UyI
Score

10^/10

formbook dcn0 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookdcn0ratspywarestealertrojan