formbook | e40c5bfeba2c0e7654c3d37aed277b635cfdcd8b2ca132a0b539845593b28629 | Triage

Sharing

General

Target

2ee6aac96667a49df963edc8384038b0859d689ab4377e74ac7f45086010c732.zip
Size

694KB
Sample

230321-ryggyabb54
MD5

21909ecf6218ce21c238d8de7d83eb9a
SHA1

47cde47947ee561c6570a0280fe70d1b6454b2bf
SHA256

e40c5bfeba2c0e7654c3d37aed277b635cfdcd8b2ca132a0b539845593b28629
SHA512

abd04eb04e17e9ee953d016a83e79560f497686139d05f641997bf18da3decf80dc02d1889c3ac8229cc929d41d6041339789f09daa29339e57b096714ce4224
SSDEEP

12288:Sdt8hqx3Y37hJdXgVDD4rmMXlvQjdKPPb9UGiv0G33fKwfJ1TLHyPaRYhcYFk6:SdNx3AbdwVDDImSlYjGiGI3CY3SPafB6

Score

10^/10

formbook jr22 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jr22

Decoy

941zhe.com

lunarportal.space

xn--osmaniyeiek-t9ab.online

trejoscar.com

nrnursery.com

quizcannot.cfd

seedstockersthailand.com

watsonwindow.com

wjfholdings.com

weziclondon.com

naruot.xyz

yeji.plus

classicmenstore.com

oharatravel.com

therapyplankits.com

keviegreshonpt.com

qdlyner.com

seithupaarungal.com

casinorates.online

8ug4as.icu

Targets

- Target
  
  2ee6aac96667a49df963edc8384038b0859d689ab4377e74ac7f45086010c732.exe
- Size
  
  749KB
- MD5
  
  6561c71692329e5c4b10948e273ac496
- SHA1
  
  f01d729fbd8934730fd7531fa00649089e531616
- SHA256
  
  2ee6aac96667a49df963edc8384038b0859d689ab4377e74ac7f45086010c732
- SHA512
  
  73fe44ecf169bf6b35b7b3732caf201a6d949739cd5b627137f63dfef68e20ee9132def26672ecd9689a636d269a3e14853b6d771312c764ef23b2a05f762fa5
- SSDEEP
  
  12288:i97mYMUnFW/N5b9hsF+U5u0RX4up4Aev8lZLse1bdHnL+2CzomKsciaicxJnj:i97UrIF+UloE4AevUZhniZzL2iKv
Score

10^/10

formbook jr22 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookjr22ratspywarestealertrojan

behavioral2

formbookjr22ratspywarestealertrojan