formbook | e6c55d42e7f24d63fe6c248a2990a6d5561fd5d707127cdae235c72191f1884b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c1d39dd878c4d632adeb649702dd45b7
Size

1.0MB
Sample

240311-2zmqfsba57
MD5

c1d39dd878c4d632adeb649702dd45b7
SHA1

213ae8264ff01053d69cd2f1a9453aba448ec439
SHA256

e6c55d42e7f24d63fe6c248a2990a6d5561fd5d707127cdae235c72191f1884b
SHA512

bd2b99e0b36f7b7b1a0472defe5f043d6a9cf9bcc40df4a864cdd25e63449292c8952cd27c2a9c07f37dc016b38ba6aa1f79c153006510f4c34cbe888069d715
SSDEEP

24576:DUU3ya4Qy/FTCJJYF+Dyr23GG7QHfEWnTHlixHcGbBNbVsc9kdmSo0mKWr:DUa4fdqYQDyy3Gz/EMTHOHF7Js6kvovr

Score

10^/10

formbook odse rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

odse

Decoy

braedlifestyle.com

morganjohnsondesign.online

surup-v48.club

diypoolpaint.sydney

v-b7026-ghhh.space

vetyvar.com

lollydaisy.com

campsitesurvival.com

autocalibre.com

fusiontech3d.com

xn--udkog0cvez259c82sa.xyz

eccentricartist.com

jc-zg.com

wacwin.com

livehealthychoice.com

visijuara.com

phigsa.com

sabayawork.com

afcerd.com

joeyshousesessions.com

Targets

- Target
  
  neue Ordnung18082021.exe
- Size
  
  1.3MB
- MD5
  
  ec16216182b54e48c108ce8dd5e70924
- SHA1
  
  ebf738f475e46fd56fea6e3090f8ef4d0337e636
- SHA256
  
  a532458e37a48eb5222790c56e237b35a6bcd75268527e466890123e4c4778e7
- SHA512
  
  26eadb21ad825441da2fae1b49738bbb309583cf0be8a2ca6bc917b9eac959a477f971416cfe00deee7548c38aab03377a4a9e3fb6337c4ea28883276d1aa1f7
- SSDEEP
  
  24576:k+57Spg/hRCtLUFIDYrSj4S7izveUnhzBqjHg851pf1s89UrmMnfk/iQ2+S0d:ksSS5UUWDYOj4XzeGhz+H/N9saU9fk/r
Score

10^/10

formbook odse rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookodseratspywarestealertrojan

behavioral2

formbookodseratspywarestealertrojan