formbook | 9a61af111cbd13d732b4b7a62c03fe4d3f0e725d61a4445eef4b76d90f79bd12 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ef8d477861854541592ffe50ce56d3da.bin
Size

879KB
Sample

231118-d6bd1aac58
MD5

eac3c8a7fcfab795aac5e9a958ba2ab1
SHA1

668c8090dcbe51d8a98c7983254ed45ac93354de
SHA256

9a61af111cbd13d732b4b7a62c03fe4d3f0e725d61a4445eef4b76d90f79bd12
SHA512

84d0f7e02524c8fb231835894fd014b4a2275df05ab6ed8c25b5d1112b8c857f21130fcdf945606421f59f29bdbf1e8fbf54306b29e2093abeb200f72b215b02
SSDEEP

12288:n566jxl/WY4hpX5rRVZ3D9Ij3fz+qKxC6vfPLuZs/CdC1nmYPvQ/8nH6xsWqL+MY:n5hb+PrpZIP+qKRv3CsdmYntiqwV

Score

10^/10

formbook ao65 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ao65

Decoy

spins2023.pro

foodontario.com

jsnmz.com

canwealljustagree.com

shopthedivine.store

thelakahealth.com

kuis-raja-borong.website

hbqc2.com

optimusvisionlb.com

urdulatest.com

akhayarplus.com

info-antai-service.com

kermisbedrijfkramer.online

epansion.com

gxqingmeng.top

maltsky.net

ictwath.com

sharmafootcare.com

mycheese.net

portfoliotestkitchen.com

Targets

- Target
  
  ef8d477861854541592ffe50ce56d3da.bin
- Size
  
  879KB
- MD5
  
  eac3c8a7fcfab795aac5e9a958ba2ab1
- SHA1
  
  668c8090dcbe51d8a98c7983254ed45ac93354de
- SHA256
  
  9a61af111cbd13d732b4b7a62c03fe4d3f0e725d61a4445eef4b76d90f79bd12
- SHA512
  
  84d0f7e02524c8fb231835894fd014b4a2275df05ab6ed8c25b5d1112b8c857f21130fcdf945606421f59f29bdbf1e8fbf54306b29e2093abeb200f72b215b02
- SSDEEP
  
  12288:n566jxl/WY4hpX5rRVZ3D9Ij3fz+qKxC6vfPLuZs/CdC1nmYPvQ/8nH6xsWqL+MY:n5hb+PrpZIP+qKRv3CsdmYntiqwV
Score

1^/10
behavioral1 behavioral2
- Target
  
  c7b9dfbcf65edd98aff82ea3e1ffe6b0f83eca9c3c892de4ac8681fc1a2bb6d1.exe
- Size
  
  996KB
- MD5
  
  ef8d477861854541592ffe50ce56d3da
- SHA1
  
  039477a4c34bc104a4ff797288ef3d8a01900ff6
- SHA256
  
  c7b9dfbcf65edd98aff82ea3e1ffe6b0f83eca9c3c892de4ac8681fc1a2bb6d1
- SHA512
  
  5c753ab3c9f9f627d912be4d147f5285bfcabf9fcbef35d2cbf87cf7a91d7e2282ed96face2f66b8c0236f23476208c45883ea34c8cb1f878ce8ffe370837f88
- SSDEEP
  
  12288:qRP8sE9ARf1zb2iNkuPF337m+lLptOdn4RIdqBQ4U62yEUfrpHrAQU/RVXV0jXvE:U1l5Lm+hptOGRm62nUDpHra925VUS92
Score

10^/10

formbook ao65 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

formbookao65ratspywarestealertrojan

behavioral4

formbookao65ratspywarestealertrojan