formbook

General

Target

ddae367e828d169834f7261f3cba74d2.bin
Size

517KB
Sample

230325-ch1hjscg21
MD5

6cab5461799c3f989d5ef9000b1d06b9
SHA1

82368595c50fbc15238814d250bf8f52163cc065
SHA256

bf1e9601793ecc5678dc9dd449bc1667277258543303b11cb88ec2ffd3bea82d
SHA512

eddc06943b72fb728990b87feb94aa722cc3a87d00394ef7e1b3e8e1d8d2cc99435e9c8678e24b439743929d77ebaf9abfb1782beebc0f6c17b13a8e90525884
SSDEEP

12288:m5D8Jm69TrXXE7h7GxcnwdC6UgsWqn2iGVgOQa9J:e169T767GGwdCZFV2i0gOHJ

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ar73

Decoy

classgorilla.com

b6817.com

1wwuwa.top

dgslimited.africa

deepwaterships.com

hkshshoptw.shop

hurricanevalleyatvjamboree.com

ckpconsulting.com

laojiangmath.com

authenticityhacking.com

family-doctor-53205.com

investinstgeorgeut.com

lithoearthsolution.africa

quickhealcareltd.co.uk

delightkgrillw.top

freezeclosettoilet.com

coo1star.com

gemgamut.com

enrichednetworksolutions.com

betterbeeclean.com

Targets

- Target
  
  c09f9057e4341633036324cbe43955122e503d1b73a979977b43030f4cf1ef10.exe
- Size
  
  1.2MB
- MD5
  
  ddae367e828d169834f7261f3cba74d2
- SHA1
  
  0a7f61bc670a38cce473053b93c3796649f3ce57
- SHA256
  
  c09f9057e4341633036324cbe43955122e503d1b73a979977b43030f4cf1ef10
- SHA512
  
  5ac0dfd3e14198550feed9dcc7e3637f2e1de7d8ad8558f280b8cc9350e2e092eef19b0ddf6f5090c78bb33dd4b0740def662ebb742591ac7b74a46220a3fac4
- SSDEEP
  
  24576:m3hJAVEoHlqRTPEZjimfAygETqHnyCPTONsM:mRJJNRTCbfAygETqHnyCP6NsM
Score

10^/10

formbook ar73 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2