formbook

General

Target

SecuriteInfo.com.Win32.PWSX-gen.21551.10154
Size

629KB
Sample

240328-ezqqsaeb7z
MD5

eebb33a5375ffd40682c86deea752033
SHA1

8ed7b849ba2829a164ee569995f2d4d8a8d90924
SHA256

8859d68e69b5464a0100ca99aed26dec828ae92287ce09ce984db073c66e8e4e
SHA512

77b5fb3046040512a93e4e7069a5e4ded1362c2913b928232d00be416f93619c21e5a3aef20516336eb81e7c4067f88ae67caeada31ddda7480b0a5e3fcf5fe5
SSDEEP

12288:DK0YOwqVT+BnEymdHekIrOuPhKPrbgAoOxCzSb0c6gb/wM4IKkR:DqO7VDVdDIrOusrbZoGWy0c9wM4IJ

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dz25

Decoy

sdw123.com

theflower-jeju.com

bigbargins.shop

xn--grsdetetizao-dcb9c.site

visionprobiz.com

ebruunalsigorta.xyz

51tree.net

tommeynadier.com

spx21.com

researchupdatehub.com

rserveohio.com

schemaconsultant.com

ec-peleti.com

songkokgelhq.shop

sixfigureswithkarah.net

quickfinancebrokerage.com

alliance-couverture.com

heartlandinnovates.com

art-friday.online

curi-o-rama.com

Targets

- Target
  
  SecuriteInfo.com.Win32.PWSX-gen.21551.10154
- Size
  
  629KB
- MD5
  
  eebb33a5375ffd40682c86deea752033
- SHA1
  
  8ed7b849ba2829a164ee569995f2d4d8a8d90924
- SHA256
  
  8859d68e69b5464a0100ca99aed26dec828ae92287ce09ce984db073c66e8e4e
- SHA512
  
  77b5fb3046040512a93e4e7069a5e4ded1362c2913b928232d00be416f93619c21e5a3aef20516336eb81e7c4067f88ae67caeada31ddda7480b0a5e3fcf5fe5
- SSDEEP
  
  12288:DK0YOwqVT+BnEymdHekIrOuPhKPrbgAoOxCzSb0c6gb/wM4IKkR:DqO7VDVdDIrOusrbZoGWy0c9wM4IJ
Score

10^/10

formbook dz25 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2