formbook

General

Target

93A60B00B3933B1D036AA791E81EFE05249C5563384F2DDD04492B6BE6563583
Size

1.6MB
Sample

230208-v29vfadf27
MD5

04377905d08675dc437756ba2cdfd9fe
SHA1

0efa33091a6aa13f0bdc77bd06a2a103f3c33455
SHA256

93a60b00b3933b1d036aa791e81efe05249c5563384f2ddd04492b6be6563583
SHA512

bf28200e0be3ea3715654dda8b46fd2bc63f99c22ee3cd866f1c0acee25926d4fc0c7b5e2f87130e35f7b60e267dc1f963f102de1498ce8e909cfea2a8899e4b
SSDEEP

49152:KmVBGXV62RHZq7oRc8biOoe8n45yO5CTICfF00kqfd:KmV2V62R5MoRPX4AyO5SDfF00kwd

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gune

Decoy

artentarn.net

allstarpurchaslng.com

lendhave.quest

3yza.com

qpyikn.shop

play-fortuna-win-15.top

jaspergirl.store

naranjacanelaymiel.online

hiddenvalley-farms.com

gas-grills-66023.com

fp-wp.com

livepix.ltda

liholagroup.com

erlinjobs.com

doctorhooper.net

sggwmdkk.shop

ujuyzw.shop

gameclubzeed.com

myhomewish.com

ontopageone.com

Targets

- Target
  
  Payment-Advice.exe
- Size
  
  2.6MB
- MD5
  
  3e416710f120b91849b1878d07ecacd0
- SHA1
  
  71eb6640520773803b0201cf4466ff57cb3ac81f
- SHA256
  
  a56fd898ced9c080955b0ee12f4d652bd1b74ddde43470e94033a288e2b97dfc
- SHA512
  
  3dd24bbff081711efb22f9c4b056e820fbbb45722ef911c7b9bf68b91ed436b2f16af95d2970b29c1d77858f922b4e91b8f2d61856d06d31731de983a796b451
- SSDEEP
  
  49152:l0LiB3F6szZwltsrSKYsbCNICNfoAgQflqB:l3F62ZwDqSsbODNfoAgqK
Score

10^/10

formbook purecrypter gune downloader loader rat spyware stealer trojan
- Detect PureCrypter injector
  loader
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect PureCrypter injector

PureCrypter

Formbook payload

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2