formbook

General

Target

bfbb813e9a05c15ec2bc9aa9088bf82c7f5d57e7bfafee7c197944e339d16431.exe
Size

302KB
Sample

230207-pjw8qsbf39
MD5

e092974dbde1ddbcd359bda0538e611a
SHA1

4069e96dd291156f0ba5060bc58c7cefd2ec04a5
SHA256

bfbb813e9a05c15ec2bc9aa9088bf82c7f5d57e7bfafee7c197944e339d16431
SHA512

c03c8d0a5f09dcb27b86b98df862321a0a93e2b6307b714ae590b00fee38fb17466ab72db1bda2c3dcbea740145b0a7343ade4372dea78eeecc07a0b784c334c
SSDEEP

6144:/Ya6TfVC7xXKhPQ7HWpHFHZq1A7tynn9LSXHUBbPv/LsDB9FiZeoQ:/YxfVC7xXcwHWplH468nwkh/LNeoQ

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

scse

Decoy

SKpYFyVNT2zunKf0uuM=

FlEHUseI7I5XbrO8fR/XBcS9ZA==

FPuxoUOxkLiATugw

VKdxsDSk0jdT5Kw=

FpqHf9iI/1tl97E=

YGI6sIl3UIxfZvlD+JiUuuLR

oBAEO0suBEAD5aK00A==

RKJqTzg4gQ/Q6DYSuTjDGkwuyl0ik5Kb8w==

VFg9s3W0/Ype8A3cZb+D7g==

hwD+VNd6014nrsaTWm4FBcS9ZA==

zkAdUq1soKYUfZaTqLmL

XVQ9WbRivUIQ477a/hKv+g==

QireF2geizAwmp674AGc5g==

PSTUQxs6j8OATugw

LHJhyy2VbX8NEqf0uuM=

MiY1vg6T3HqATugw

wqkUjaVXnGgBqA==

jUr/eUtSIT01Wegt

PjQidcqKzAbSZICUZb+D7g==

OkAmcv12sUEAIHwFHakzdIo2FPHw

Targets

- Target
  
  bfbb813e9a05c15ec2bc9aa9088bf82c7f5d57e7bfafee7c197944e339d16431.exe
- Size
  
  302KB
- MD5
  
  e092974dbde1ddbcd359bda0538e611a
- SHA1
  
  4069e96dd291156f0ba5060bc58c7cefd2ec04a5
- SHA256
  
  bfbb813e9a05c15ec2bc9aa9088bf82c7f5d57e7bfafee7c197944e339d16431
- SHA512
  
  c03c8d0a5f09dcb27b86b98df862321a0a93e2b6307b714ae590b00fee38fb17466ab72db1bda2c3dcbea740145b0a7343ade4372dea78eeecc07a0b784c334c
- SSDEEP
  
  6144:/Ya6TfVC7xXKhPQ7HWpHFHZq1A7tynn9LSXHUBbPv/LsDB9FiZeoQ:/YxfVC7xXcwHWplH468nwkh/LNeoQ
Score

10^/10

formbook scse rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2