formbook

General

Target

DHL Shipment Delivery Notification 18-7-23.zip
Size

589KB
Sample

230719-k964eabd5t
MD5

7f35dc7cd9eeb7254543905f7ac915c7
SHA1

8ea2f6eb0975883b797f984be3412fc5af853193
SHA256

19915399b192ab9b2fff5e466e1dea38b03a29ebd8510d704f0fe5b7fce077f4
SHA512

2acc6104942a6a5528ff595308b66a94f2144a0947eb4f10d8c9de6e171234414e8d1f6055bd9fdeae77f16b3f794b9682b30f702511da354ce5baca94ea608e
SSDEEP

12288:Zn1VU6g5vrpiar3DBZbd1eeQVkfwHcLqYItnTtJBtspdOiQ2y:Zf8l4Q3vR1Djfw8OFtTtvtsnOgy

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sn26

Decoy

resenha10.bet

gulshan-rajput.com

xbus.tech

z813my.cfd

wlxzjlny.cfd

auntengotiempo.com

canada-reservation.com

thegiftcompany.shop

esthersilveirapropiedades.com

1wapws.top

ymjblnvo.cfd

termokimik.net

kushiro-artist-school.com

bmmboo.com

caceresconstructionservices.com

kentuckywalkabout.com

bringyourcart.com

miamiwinetour.com

bobcatsocial.site

thirdmind.network

Targets

- Target
  
  DHL Shipment Delivery Notification 18-7-23.exe
- Size
  
  630KB
- MD5
  
  d497e7689faffe7f4b58354d70ef5fcf
- SHA1
  
  e608aea6d75cc78ba127dcc64372f9ea6865cd4e
- SHA256
  
  44b4eef8a260669a21c64f95af4c5ad884b77fc118be9ade37dad2b908a37bee
- SHA512
  
  1bdda51e1c77457459e4e43d8bde4c88f03cd22df4d0a0b06cf19c789612a19591d5335e4777caf0efbc010000b1d17bafc93c458fd9d396958a6f4f2b7d6941
- SSDEEP
  
  12288:hmAY2kcdbL4EfGfWjBeeiSi+9R9obcLY4qt3TjfKiEeS3xjl6ayy3:cN6GEfGfWjBDiaL9oI07tDjfseA
Score

10^/10

formbook sn26 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Blocklisted process makes network request

Checks computer location settings

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2