formbook | 2dac9bdaba5c690cfd8294096757b5a80607321dc364080337a0237fa8388f17 | Triage

Sharing

General

Target

867122eba50577eccdc2baadb512178e.bin
Size

601KB
Sample

231211-cszzrsbgg2
MD5

867122eba50577eccdc2baadb512178e
SHA1

8eaef52def03a02d820a40de9d489db953b60853
SHA256

2dac9bdaba5c690cfd8294096757b5a80607321dc364080337a0237fa8388f17
SHA512

611c8dc9bfa0fbcc655e268fd18f1978667bbfd16fa7840c539ec58a5ccb6d969218334f9dfa6827d696cfd9dd23a6e27c0d7578a9ace444160e4634ccbb8bfc
SSDEEP

12288:nc/FuT/euHB93Z5xeOwIqFPkkfd1R1PsSMWDEt:YuLNh1rxiHPLL7h0

Score

10^/10

formbook m82 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m82

Decoy

jamesdevereux.com

artificialturfminneapolis.com

hongmeiyan.com

lojaderoupasbr.com

yit.africa

austinrelocationexpert.com

saiva.page

exitsategy.com

chochonux.com

klosterbraeu-unterliezheim.com

byseymanur.com

sblwarwickshire.co.uk

brazimaid.com

ciogame.com

bronzesailing.com

dwkapl.xyz

022dyd.com

compassandpathwriting.com

alphabet1x.com

selfcleaninghairbrush.co.uk

Targets

- Target
  
  867122eba50577eccdc2baadb512178e.bin
- Size
  
  601KB
- MD5
  
  867122eba50577eccdc2baadb512178e
- SHA1
  
  8eaef52def03a02d820a40de9d489db953b60853
- SHA256
  
  2dac9bdaba5c690cfd8294096757b5a80607321dc364080337a0237fa8388f17
- SHA512
  
  611c8dc9bfa0fbcc655e268fd18f1978667bbfd16fa7840c539ec58a5ccb6d969218334f9dfa6827d696cfd9dd23a6e27c0d7578a9ace444160e4634ccbb8bfc
- SSDEEP
  
  12288:nc/FuT/euHB93Z5xeOwIqFPkkfd1R1PsSMWDEt:YuLNh1rxiHPLL7h0
Score

10^/10

formbook m82 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

formbookm82ratspywarestealertrojan

behavioral2

formbookm82ratspywarestealertrojan