formbook | c9913540ced2148e50e55dbbb6c2fac3d0f909646f18f22b974b52f33641e812 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c9913540ced2148e50e55dbbb6c2fac3d0f909646f18f22b974b52f33641e812
Size

606KB
Sample

230707-l8n2wagc77
MD5

81895faac851dd56f820886f4a74eed7
SHA1

c28d4f091f5f2a762641f816a62e625fb7e16ad5
SHA256

c9913540ced2148e50e55dbbb6c2fac3d0f909646f18f22b974b52f33641e812
SHA512

004a264175d78ba1e8fc85f8fa4ae28bee9b9d385b6891da68db6e1cb0674acd3df49d542f54d362665b76a3fd9413d34f700eabde24d54a394cea7cf291263a
SSDEEP

12288:uPn4SXpaYkhpwHm3QVjp9MBSORnzf9uASi:uPn4SXpaxhpvAVt9M/p0

Score

10^/10

formbook ea04 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ea04

Decoy

gfdgtb.fun

ghv.xn--9dbq2a

lilmany.com

zbapexsurgical.biz

greatvalley.church

1wincasinoofficial.xyz

dexla.site

forwardresolutions.com

memberfamily.com

fhsmsc.com

maxon-tec.com

123tta.com

newvoicehouseoflife.shop

easeguardacademy.com

7788ta.com

rfoodindustry.com

77128888.email

hoxland.com

serviceprint.fun

6927ij.top

Targets

- Target
  
  c9913540ced2148e50e55dbbb6c2fac3d0f909646f18f22b974b52f33641e812
- Size
  
  606KB
- MD5
  
  81895faac851dd56f820886f4a74eed7
- SHA1
  
  c28d4f091f5f2a762641f816a62e625fb7e16ad5
- SHA256
  
  c9913540ced2148e50e55dbbb6c2fac3d0f909646f18f22b974b52f33641e812
- SHA512
  
  004a264175d78ba1e8fc85f8fa4ae28bee9b9d385b6891da68db6e1cb0674acd3df49d542f54d362665b76a3fd9413d34f700eabde24d54a394cea7cf291263a
- SSDEEP
  
  12288:uPn4SXpaYkhpwHm3QVjp9MBSORnzf9uASi:uPn4SXpaxhpvAVt9M/p0
Score

10^/10

formbook ea04 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookea04ratspywarestealertrojan

behavioral2

formbookea04ratspywarestealertrojan