formbook | 92901e1afa61d81882eaf7e1bc51fb693adce114a24e769cf234e1ad15109398 | Triage

Sharing

General

Target

ordem de compra xxx50922 pdf.exe
Size

690KB
Sample

231012-pc6htshf2y
MD5

28993f4b93647dabe6603cbb21a7adb3
SHA1

c2b2a34e7f52d5c173e8982f27783b74347d7e78
SHA256

92901e1afa61d81882eaf7e1bc51fb693adce114a24e769cf234e1ad15109398
SHA512

d8da8a4e5bdafef7f0a15b948bf632d2538bc360120b5d4ed1fa64b581bea8ab66f07bb329947ccec039401f976a229b39245e86860a42794680bfcbce0c65d6
SSDEEP

12288:y06gea2iNP1UF+fSTk+UJtZheVI1m1i65w4BV61RdpNmMEeyxbkN8mZ65+:1Tf1FQUqMhtq75wlpNRBpNcI

Score

10^/10

formbook m0d5 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m0d5

Decoy

thedaintydesign.com

floramiracle.com

k-runimport.com

aquafoodsupply.com

smultipleslogistics.com

althard.com

nicklawsoncreative.com

mting.link

salvadorsdream.com

vijmas.xyz

thornspeakers.com

dsales-academy.com

yesquw.xyz

shosjhdj.sbs

erasmusplusprojects.com

infinity506.com

lojaalphaelite.com

pixelmagicpath.top

primeshiftemporium.site

hssk1k4y.top

Targets

- Target
  
  ordem de compra xxx50922 pdf.exe
- Size
  
  690KB
- MD5
  
  28993f4b93647dabe6603cbb21a7adb3
- SHA1
  
  c2b2a34e7f52d5c173e8982f27783b74347d7e78
- SHA256
  
  92901e1afa61d81882eaf7e1bc51fb693adce114a24e769cf234e1ad15109398
- SHA512
  
  d8da8a4e5bdafef7f0a15b948bf632d2538bc360120b5d4ed1fa64b581bea8ab66f07bb329947ccec039401f976a229b39245e86860a42794680bfcbce0c65d6
- SSDEEP
  
  12288:y06gea2iNP1UF+fSTk+UJtZheVI1m1i65w4BV61RdpNmMEeyxbkN8mZ65+:1Tf1FQUqMhtq75wlpNRBpNcI
Score

10^/10

formbook m0d5 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookm0d5ratspywarestealertrojan

behavioral2

formbookm0d5ratspywarestealertrojan