formbook

General

Target

3b8907deb97d9b980e44e2450773345676d90f1cca5d45802ce21d7c63d66b1f
Size

568KB
Sample

240417-rqv1csbg37
MD5

ab0d734a4c97e26b56197f48c3807b34
SHA1

06bee203d3872f2c2242e972ac38e44dd31baaf5
SHA256

3b8907deb97d9b980e44e2450773345676d90f1cca5d45802ce21d7c63d66b1f
SHA512

ba6bbdd3414b14341c8d0ce0e0761f6b8d3b37f172b925ffa2d3ddbbdb1194377c09184bbf6b2f879bb2e406831abf3b3814312e22bce63b7de208d7e95ad378
SSDEEP

12288:R018SFaKDk7Aq0QUdi8Fh4QwdVTMZDnuOLjLfQSxf4DeSIpEPByviWs:Re8SFaK20xi8Fh4XED9QSxf46NviWs

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gy14

Decoy

mavbam.com

theanhedonia.com

budgetnurseries.com

buflitr.com

alqamarhotel.com

2660348.top

123bu6.shop

v72999.com

yzyz841.xyz

247fracing.com

naples.beauty

twinklethrive.com

loscaseros.com

creditspisatylegko.site

sgyy3ej2dgwesb5.com

ufocafe.net

techn9nehollywoodundead.com

truedatalab.com

alterdpxlmarketing.com

harborspringsfire.com

Targets

- Target
  
  1d5692148172354fedfed8e9e8f368a59a8c2c6372c7885e80087d9ba5ad76c1.exe
- Size
  
  605KB
- MD5
  
  cd8edca1396524d51a71ca38b7f5273f
- SHA1
  
  d8a092cd9c6d4034e1dae4c850169e38ba46ff7b
- SHA256
  
  1d5692148172354fedfed8e9e8f368a59a8c2c6372c7885e80087d9ba5ad76c1
- SHA512
  
  921c1e74fe46209a20515c7c31bbb972d671e691ddb204d5ba0c69d8ebdd2030eeac2a267db067d0157751e2e11cce3fc68bbab79406e671f255528ad8b310d0
- SSDEEP
  
  12288:5ekeQ5vziy6BQgKPZn3HB78Ujj0nGDRql6w2lgHiKeee9JMALH/6V6Cs2:5ekriy6CzB3CnGo/CKeee9J1S
Score

10^/10

formbook gy14 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2