formbook

General

Target

7c4e7dc9b73afae121b7f83004013971.bin
Size

262KB
Sample

230330-b2ymmaaf23
MD5

809ee0a89bba98af384e1a8f03b5d9fe
SHA1

3bbad7a42dc3ddcd7c73d36ee7db32f60f9cc58a
SHA256

2cebb91711fec36e567181cd4a08a6deb6be9107382b0040779c5b074df90307
SHA512

e69973502675f22aad5319be4bff70a9d096c3acae3051ad370c64da27d58b5a72e882929032d5319c956e09e74c87fbad4f0c6efc795c9d3760d48773af5308
SSDEEP

6144:g/e/Yb4L4s+SolJHlYTanRcK+nzjhl1d2f0jjjR4juXIobYH8J:n/YbSQlJ2anRz6z319jjjuG

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ar73

Decoy

classgorilla.com

b6817.com

1wwuwa.top

dgslimited.africa

deepwaterships.com

hkshshoptw.shop

hurricanevalleyatvjamboree.com

ckpconsulting.com

laojiangmath.com

authenticityhacking.com

family-doctor-53205.com

investinstgeorgeut.com

lithoearthsolution.africa

quickhealcareltd.co.uk

delightkgrillw.top

freezeclosettoilet.com

coo1star.com

gemgamut.com

enrichednetworksolutions.com

betterbeeclean.com

Targets

- Target
  
  11f78a6f1d2cc4587778143bdc8b011ca509978c26ba60bd41fe74bd6773444d.exe
- Size
  
  731KB
- MD5
  
  7c4e7dc9b73afae121b7f83004013971
- SHA1
  
  f9690031e5fec4f0379598f03bd395b6714206c0
- SHA256
  
  11f78a6f1d2cc4587778143bdc8b011ca509978c26ba60bd41fe74bd6773444d
- SHA512
  
  b10cd46dc62a7bf864ea7c036d7ed4c61cfc29c57d8f480b03f58415a5c1e293d68bc9a9748b4c325c6f142d93c5e86084a01079b6542de43fff7f7408672d2b
- SSDEEP
  
  12288:IcCtsy64aJfjXdCkkJ0sNSLXLnEvZWL8tpIgRmus0F:3RyuNjXdM0pLXLEvZWLEpIgRmus0
Score

10^/10

formbook ar73 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2