formbook | f84174e4d7479a253628a97250f72d54073d3c3331222986ec4d3b7b5bbf03c6 | Triage

Sharing

General

Target

91da3743bb05e6744e50fe749f5a9cc6.bin
Size

741KB
Sample

230329-bxfw1sfh8v
MD5

8dae0f456ea914a9eabcc3f3d5524f7b
SHA1

f125e01ce28bb8a32d07c1abd56646e0f321dfa1
SHA256

f84174e4d7479a253628a97250f72d54073d3c3331222986ec4d3b7b5bbf03c6
SHA512

031ce43ee6bf8c7253a6ec5ca1d469927ca86a18ded90ea1c07ad94ada964d7eeacef2972639c885ea86687c34aedb92dbca6fa870b062320a84e057b15fdfbd
SSDEEP

12288:bLAjhKqIx4XufDaQ1ZcWwa+GqWykQ1CJpGR5CGp0qX5XjebaTK5KKSxR6uYIKUB7:jqL28ax3Q1CJoBJzAabKmR8InBjhg2H

Score

10^/10

formbook jr22 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jr22

Decoy

941zhe.com

lunarportal.space

xn--osmaniyeiek-t9ab.online

trejoscar.com

nrnursery.com

quizcannot.cfd

seedstockersthailand.com

watsonwindow.com

wjfholdings.com

weziclondon.com

naruot.xyz

yeji.plus

classicmenstore.com

oharatravel.com

therapyplankits.com

keviegreshonpt.com

qdlyner.com

seithupaarungal.com

casinorates.online

8ug4as.icu

Targets

- Target
  
  b3811fa28d3e22cf5029476f6870c54e7fcd4d68da1342bb199ca6d41ed9ff56.exe
- Size
  
  822KB
- MD5
  
  91da3743bb05e6744e50fe749f5a9cc6
- SHA1
  
  fbb00ec09354ded8bf1b7f18f2e9cb2ef0e3d3b3
- SHA256
  
  b3811fa28d3e22cf5029476f6870c54e7fcd4d68da1342bb199ca6d41ed9ff56
- SHA512
  
  08bb7e82f83aa4d5146838b8cdc2c40382656c8db8775792d850b3bf5426f53a4e5b9e3420c16e4b4140767a030e0eab9d3339f5182f6390def143d470f3f277
- SSDEEP
  
  12288:LUJB0Oq8p2ZEtCgO27/mW9XqUjX5OFUuOWGt0p4VedclBeHlOrh1CuQvpAoJhZ:AZpTtV7fjc36veA1Gx9D
Score

10^/10

formbook jr22 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookjr22ratspywarestealertrojan

behavioral2

formbookjr22ratspywarestealertrojan