formbook | 6ea15e8cf1ecac907e005bc2681d0ba34dfcf0f0f299599c5da93fe97da18be3 | Triage

Sharing

General

Target

6f4246a44c4b69ed8cc30d0583be906c7a8040216321889da1bd74ba7815aedd.zip
Size

624KB
Sample

230321-ryg4gabb57
MD5

9f430b3a134ddb42559766cb1d04e243
SHA1

5a5901b3f75a72480fdb1f3a6f796afe0a680a1d
SHA256

6ea15e8cf1ecac907e005bc2681d0ba34dfcf0f0f299599c5da93fe97da18be3
SHA512

81cdb37c3da7ac2cfe14621af222897763074d7919b7ee26486f3a8e47818345129d6770cc45d7864860a8eab62dde1a8df20865ffb75a8c7ce339587f43555b
SSDEEP

12288:tJBDj0ry6XmxJPNI93PDWI300XhbhzvfsMVsqLlbC7IFhMBRWx6yXk2:dF6Xem5DWedhzvfsMVRO7IE6XXz

Score

10^/10

formbook n13e rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

n13e

Decoy

cowiemarketing.com

uniqueliquidz.co.uk

755259.com

7bw95.com

luxbarstools.co.uk

baccaratda.com

berkayakpinar.xyz

gistus.africa

hjd387.com

leave-fly.com

golfclubdaddy.com

engineeringea.buzz

countryrevisited.com

decoracioneskalite.com

imaginationlirbary.com

moneytransfer.africa

brainwaveproject.com

3039sjbqf2022.com

184hotels.com

aromamiaro.com

Targets

- Target
  
  6f4246a44c4b69ed8cc30d0583be906c7a8040216321889da1bd74ba7815aedd.exe
- Size
  
  864KB
- MD5
  
  b98feb15976a8317f9edd750d3351f6c
- SHA1
  
  e391a5fa6a96f0c1a69c4487be9c030f2bc40b72
- SHA256
  
  6f4246a44c4b69ed8cc30d0583be906c7a8040216321889da1bd74ba7815aedd
- SHA512
  
  edde72f26fab30e0aeb68ed0a2c681ce85cd3a3fe553b32adbb4b9748c0fe193a11315c7c2313ad58d268e5b4f1502c8bdcc36aeb1aed1c753c69eb9ee644136
- SSDEEP
  
  12288:4Ht0TQJfrqsf88NSL7GrRybMVvC5mDPCegwjcsRvirNotqzR4FP8nKCVk8vBMHYJ:4trbfS7GrRyf5mb7jcgKaiE9dJlNm
Score

10^/10

formbook n13e rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookn13eratspywarestealertrojan

behavioral2

formbookn13eratspywarestealertrojan