formbook | 5134138e30037482cf3fee2a5c98ffb05cb45acf6e6012757f18a2f1c92a6a03 | Triage

Sharing

General

Target

5134138e30037482cf3fee2a5c98ffb05cb45acf6e6012757f18a2f1c92a6a03.exe
Size

719KB
Sample

240104-zbyrpsbgc9
MD5

ff75187c405c0486b7d3ae5499d28772
SHA1

57f793d08d93e8b5b5c9142168726ffd19ff0b0a
SHA256

5134138e30037482cf3fee2a5c98ffb05cb45acf6e6012757f18a2f1c92a6a03
SHA512

9a5a7ab3b07dd5453a2f7930a525f70c10809f3354a5b63541d69dbda05c6aa21af24d3d56552270dca3c89b4162b53a8338fdd6026a178688c45042b63c2978
SSDEEP

12288:Gk5Vxdeh8V/SiC00YkQPvg1SL6Zt3D+wDSkdsj3K8MiRk8RXqpr:dVxd72PYkQPYwL6Zt3DrDbK3JMSlU

Score

10^/10

formbook wd23 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

wd23

Decoy

aibioinnovations.com

healthscienceexperhelp.com

by5fyvjghfg.work

badmintonguide.info

workspace365.biz

us-highprint.shop

bathroomfixa.com

chilewheelsadventure.com

ztg.life

imile.fun

numerocelular.net

liganumerologov.online

nixatowing.top

taxsavvyinc.pro

premiumgifthub.com

pwbj6.site

byronwaller.store

doityourselfwealth.com

birchwoodkeyword.top

zf8egr.xyz

Targets

- Target
  
  5134138e30037482cf3fee2a5c98ffb05cb45acf6e6012757f18a2f1c92a6a03.exe
- Size
  
  719KB
- MD5
  
  ff75187c405c0486b7d3ae5499d28772
- SHA1
  
  57f793d08d93e8b5b5c9142168726ffd19ff0b0a
- SHA256
  
  5134138e30037482cf3fee2a5c98ffb05cb45acf6e6012757f18a2f1c92a6a03
- SHA512
  
  9a5a7ab3b07dd5453a2f7930a525f70c10809f3354a5b63541d69dbda05c6aa21af24d3d56552270dca3c89b4162b53a8338fdd6026a178688c45042b63c2978
- SSDEEP
  
  12288:Gk5Vxdeh8V/SiC00YkQPvg1SL6Zt3D+wDSkdsj3K8MiRk8RXqpr:dVxd72PYkQPYwL6Zt3DrDbK3JMSlU
Score

10^/10

formbook wd23 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookwd23ratspywarestealertrojan

behavioral2

formbookwd23ratspywarestealertrojan