formbook | 3d964b03d60d1d6b2540de04190ce7d7b7c62fe7e98e9279fe40864795e7875f | Triage

Sharing

General

Target

3d964b03d60d1d6b2540de04190ce7d7b7c62fe7e98e9279fe40864795e7875f
Size

605KB
Sample

240417-r5mbrscf99
MD5

2d8841821b7a9f1309d4d54aade5e3c0
SHA1

c51951b89fb4d78f8220eea242dc0cf0cd02980a
SHA256

3d964b03d60d1d6b2540de04190ce7d7b7c62fe7e98e9279fe40864795e7875f
SHA512

0867c2e91ba9432f192945452de574850c635238e1c97ae6b677aa12974eb192a61385a15d1cdf465a75d29bd91e88c4832dd3f2d603a8dbe9399184402f45d7
SSDEEP

12288:Tgz6tIJ87rYl9FKCP081pU4JSbQa+a4uxxZOZkUjlQ4vxH9INOY3zzf++tkUUucv:TsWIJ8IFKCckwg9uxxoZkUjm4v1WNFz0

Score

10^/10

formbook jk56 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jk56

Decoy

kizuna2.vip

puravivemofficial.store

54xz.vip

sanifulimited.com

somersworthtowing.top

pchsedmonton.com

zbtltex.com

basyekeyword.top

roguexdayz.com

everskincare.shop

kpsnkn.wiki

mm272.site

artisticwebart.com

burduremlakilan.com

begrafeniskaarsen.com

kartepekonaklamarehberi.com

go-onlineworld.com

worleud.net

pilihganjar.com

themagtimes.com

Targets

- Target
  
  299fa2601344081d80079815643aad1bc5ac812031048754be53a3917308af1e.exe
- Size
  
  681KB
- MD5
  
  cc3b8778138ce976ad5b2442c1db64db
- SHA1
  
  da7bfa6540ea1f14d6178cc60d6bbdfe1193a118
- SHA256
  
  299fa2601344081d80079815643aad1bc5ac812031048754be53a3917308af1e
- SHA512
  
  ae5ab61789365ad5e9cd466bc3d76e3c8139b3137966c6d5fbbfa0f7ff07910279a4329189d48c30665cfe48608c90d06aeb0068a53cbd8c96c2ff7d445dd03e
- SSDEEP
  
  12288:dm1emB2gjjN2iN+X6s1Ej3Bti9JFTpRPGzeXU+ORC1iWxZnh6ZBiA9v:dmkgjjN1e1EjRti9Jp7krw0WxSZBT
Score

10^/10

formbook jk56 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

formbookjk56ratspywarestealertrojan

behavioral2

formbookjk56ratspywarestealertrojan