formbook

General

Target

ea54b2d8e2e29ed25f7167eff3c4c5d07f7d350cc89d006fb2039cd848f87ac2.exe
Size

604KB
Sample

240213-gkhsqshc3s
MD5

6f15321a0f0fe177e1f09681d143ca86
SHA1

5451490bbcfee8abf56de3f7bc6f255ca71eaea5
SHA256

ea54b2d8e2e29ed25f7167eff3c4c5d07f7d350cc89d006fb2039cd848f87ac2
SHA512

a84855dd6f076f913b63012a6b25066d3d71c01d8610e164b6d3b29adeb38acbf431bd78a13472048e7641dedd1030bc1df7ca646c03ff8f75d49522b2bc76c2
SSDEEP

12288:8v+xEd6SMcbqY5LO8f4Dvh7Cwp9pkmGFgz2ZSxhLleCcaeeV/7LK3hKzF:jxc7MWqV8fWh7CwHpkmGyzOQtves3iKR

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pz08

Decoy

deespresence.com

fanyablack.com

papermoonnursery.com

sunriseclohting.store

jenstandsforarkansas.com

lkhtalentconsulting.com

baerana.com

hyperphit.com

davidianbrant.com

itkagear.com

web-findmy.site

liveforwardventures.com

skyenglearn.online

studio-sticky.store

yassa-hany.online

tacoshack479.com

bigtexture.xyz

erxkula.shop

go-bloggers.com

qwdlwys.site

Targets

- Target
  
  ea54b2d8e2e29ed25f7167eff3c4c5d07f7d350cc89d006fb2039cd848f87ac2.exe
- Size
  
  604KB
- MD5
  
  6f15321a0f0fe177e1f09681d143ca86
- SHA1
  
  5451490bbcfee8abf56de3f7bc6f255ca71eaea5
- SHA256
  
  ea54b2d8e2e29ed25f7167eff3c4c5d07f7d350cc89d006fb2039cd848f87ac2
- SHA512
  
  a84855dd6f076f913b63012a6b25066d3d71c01d8610e164b6d3b29adeb38acbf431bd78a13472048e7641dedd1030bc1df7ca646c03ff8f75d49522b2bc76c2
- SSDEEP
  
  12288:8v+xEd6SMcbqY5LO8f4Dvh7Cwp9pkmGFgz2ZSxhLleCcaeeV/7LK3hKzF:jxc7MWqV8fWh7CwHpkmGyzOQtves3iKR
Score

10^/10

formbook pz08 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2