formbook | 993841103742d791f4dbcdc75757bac6ac7fddf1eb50dcec5a72daddce44cc9e | Triage

Sharing

General

Target

993841103742d791f4dbcdc75757bac6ac7fddf1eb50dcec5a72daddce44cc9e.exe
Size

635KB
Sample

240220-gkyh7acc5w
MD5

266b256a9d1e3e48d3e7f332d55808bc
SHA1

fb3d7c13dc44c3cb476fd0a0f7fd3b377373e8d3
SHA256

993841103742d791f4dbcdc75757bac6ac7fddf1eb50dcec5a72daddce44cc9e
SHA512

3bea81f5f96eae9abc8a6733c0220367e8664b2b2c15c4c663fa03fbf97663ec5becb2cfc3468c796757bfd33912880bd7900796b2da8f3387f629d2cbd606a3
SSDEEP

12288:vSmPwRYnOELz89OW+pPqwABljLt2EnS3KrNLr8StEotSnFKIFN:vSmP0Y74uPqwABlHtzSaaSLSnsiN

Score

10^/10

formbook fr07 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fr07

Decoy

considerateandrefrigerate.com

yuuki.academy

elizabethcaldwellportfolio.com

kegdol.xyz

wecommerce.one

4018mlp.com

nirng8u.online

techmalabar.com

hm885.com

lacademiedespossibles.com

sungnamdobae.com

aldardasha.website

tvkvijay.support

subpreschoolteacher.com

revolutionstealth.com

rtpindo1.store

healingsensationscbd.com

digitalmakeads.cloud

vlascosupplies.com

trautwen.com

Targets

- Target
  
  993841103742d791f4dbcdc75757bac6ac7fddf1eb50dcec5a72daddce44cc9e.exe
- Size
  
  635KB
- MD5
  
  266b256a9d1e3e48d3e7f332d55808bc
- SHA1
  
  fb3d7c13dc44c3cb476fd0a0f7fd3b377373e8d3
- SHA256
  
  993841103742d791f4dbcdc75757bac6ac7fddf1eb50dcec5a72daddce44cc9e
- SHA512
  
  3bea81f5f96eae9abc8a6733c0220367e8664b2b2c15c4c663fa03fbf97663ec5becb2cfc3468c796757bfd33912880bd7900796b2da8f3387f629d2cbd606a3
- SSDEEP
  
  12288:vSmPwRYnOELz89OW+pPqwABljLt2EnS3KrNLr8StEotSnFKIFN:vSmP0Y74uPqwABlHtzSaaSLSnsiN
Score

10^/10

formbook fr07 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookfr07ratspywarestealertrojan

behavioral2

formbookfr07ratspywarestealertrojan