formbook

General

Target

4048c5b9e3a9c58b5e7401c9bede2214aa2db2040be064db4059627a2e9662d1
Size

608KB
Sample

240417-rhlrqacg3v
MD5

08562f67651a8efeeed872ad3893ad5c
SHA1

9edddaf837def56da029ff7c50a563d52f63a7c8
SHA256

4048c5b9e3a9c58b5e7401c9bede2214aa2db2040be064db4059627a2e9662d1
SHA512

4d7c8fe2baeb2f1cb78591b3b31ba30c40e44854961c9c20999ac91bc8a99399c0979958423d1530f00b05b34372d1014103b1c477427fb016d55ec014454058
SSDEEP

12288:4+M1heHGai38eMa7hwrs0I7FN8280JByXjiTvZOuCPO2FjI:eQi3xMa7hwhIXiTziTBU5G

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pz08

Decoy

deespresence.com

fanyablack.com

papermoonnursery.com

sunriseclohting.store

jenstandsforarkansas.com

lkhtalentconsulting.com

baerana.com

hyperphit.com

davidianbrant.com

itkagear.com

web-findmy.site

liveforwardventures.com

skyenglearn.online

studio-sticky.store

yassa-hany.online

tacoshack479.com

bigtexture.xyz

erxkula.shop

go-bloggers.com

qwdlwys.site

Targets

- Target
  
  cf722cadc5cd807f450ecd57785c49a4bd1909970bb883adaccadffbe945cb30.exe
- Size
  
  640KB
- MD5
  
  dfd0f762fd0542dfb8c6155cff5c4e3c
- SHA1
  
  733846f769a61f774e786846c3c5da51250dbc90
- SHA256
  
  cf722cadc5cd807f450ecd57785c49a4bd1909970bb883adaccadffbe945cb30
- SHA512
  
  bcde62426af18f3180f3ea31d14567520879e0128d4beda092b2a920d022296c42bd9c4b7e2ba788fc940e5c4abf59acf39e5ef22b2bc466a7e59c471a4d87ab
- SSDEEP
  
  12288:3/ScVvTEazpgOSN2WURS4EDUugrUuU2couM84IgpFrggaIJf9npIe:vSOFzpgOPP6OdUVZP9s2IJlnX
Score

10^/10

formbook pz08 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2