formbook | ebdc12a94c386bd8307c063261323cd98646c5bd378a15366451936f29540f44 | Triage

Sharing

General

Target

NEAS.ebdc12a94c386bd8307c063261323cd98646c5bd378a15366451936f29540f44.zip
Size

876KB
Sample

231117-t7arvscc2s
MD5

6d6662eb3099736a67fdaa5740f16657
SHA1

9adac5a2eb3a5fe3a0155bde10e412e346992563
SHA256

ebdc12a94c386bd8307c063261323cd98646c5bd378a15366451936f29540f44
SHA512

60ba0238fa6d5ada06335895afaba051dbf64210175ef7c8e9b40ec656e51450eab8d7da117d25633f1e6f26130e7056deeea612c83dcbe6b93598c86f19272c
SSDEEP

12288:U9qJ3GbAA5561tDXO1nm/IdM9I4OCqyYi7HHB+Qy3VVXNq1Xv5vMpNxt/3HMDT:YqJNo0PDXO0/UCqVeHHBGZQ5vmt/4

Score

10^/10

formbook ao65 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ao65

Decoy

spins2023.pro

foodontario.com

jsnmz.com

canwealljustagree.com

shopthedivine.store

thelakahealth.com

kuis-raja-borong.website

hbqc2.com

optimusvisionlb.com

urdulatest.com

akhayarplus.com

info-antai-service.com

kermisbedrijfkramer.online

epansion.com

gxqingmeng.top

maltsky.net

ictwath.com

sharmafootcare.com

mycheese.net

portfoliotestkitchen.com

Targets

- Target
  
  9008654324456.exe
- Size
  
  996KB
- MD5
  
  ef8d477861854541592ffe50ce56d3da
- SHA1
  
  039477a4c34bc104a4ff797288ef3d8a01900ff6
- SHA256
  
  c7b9dfbcf65edd98aff82ea3e1ffe6b0f83eca9c3c892de4ac8681fc1a2bb6d1
- SHA512
  
  5c753ab3c9f9f627d912be4d147f5285bfcabf9fcbef35d2cbf87cf7a91d7e2282ed96face2f66b8c0236f23476208c45883ea34c8cb1f878ce8ffe370837f88
- SSDEEP
  
  12288:qRP8sE9ARf1zb2iNkuPF337m+lLptOdn4RIdqBQ4U62yEUfrpHrAQU/RVXV0jXvE:U1l5Lm+hptOGRm62nUDpHra925VUS92
Score

10^/10

formbook ao65 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookao65ratspywarestealertrojan

behavioral2

formbookao65ratspywarestealertrojan