formbook

General

Target

a40b613bca52ec196d6be4ac375d9076922b41cc4742c15a2ff1137bd6400eb7.exe
Size

981KB
Sample

240417-rrrpbsbg85
MD5

249c382387f592eafab7e20a55560280
SHA1

364c13a8ac03c9708d92fa01e5d9d442c94f75dc
SHA256

a40b613bca52ec196d6be4ac375d9076922b41cc4742c15a2ff1137bd6400eb7
SHA512

4c8ff6f05af4967c9d40638c86ea360d9b452d1be86ae6739e9fe36f84e20f7577032d4e32e349a1819777a1af2ce6515356a31533e1f269dbfd18fc86902ad5
SSDEEP

12288:X3/p8sL8kKR0zIYaGzp9t6Mde/l5KCuz65cgOGsLNaYuPjIG4Z6jf:n/p8/pR0EYp9wMdM5Juz6INKPjR4q

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

uu09

Decoy

gnbojjfds.xyz

thepinkpen.net

oclocksl.com

aaaajjjjjffff.com

onlineppl.com

rokomariebook.com

protagonagency.store

brilliant.radio

amaniyaonline.shop

bouqclub.net

mrtranceman.com

mybet88gacor.com

huixua.shop

foundersdao.xyz

pileasures.top

summit-rhode.com

6wwr.top

randombutessential.com

ux-design-courses-85926.bond

domainz.rent

Targets

- Target
  
  a40b613bca52ec196d6be4ac375d9076922b41cc4742c15a2ff1137bd6400eb7.exe
- Size
  
  981KB
- MD5
  
  249c382387f592eafab7e20a55560280
- SHA1
  
  364c13a8ac03c9708d92fa01e5d9d442c94f75dc
- SHA256
  
  a40b613bca52ec196d6be4ac375d9076922b41cc4742c15a2ff1137bd6400eb7
- SHA512
  
  4c8ff6f05af4967c9d40638c86ea360d9b452d1be86ae6739e9fe36f84e20f7577032d4e32e349a1819777a1af2ce6515356a31533e1f269dbfd18fc86902ad5
- SSDEEP
  
  12288:X3/p8sL8kKR0zIYaGzp9t6Mde/l5KCuz65cgOGsLNaYuPjIG4Z6jf:n/p8/pR0EYp9wMdM5Juz6INKPjR4q
Score

10^/10

formbook uu09 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Remote System Discovery

1

T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Checks computer location settings

Drops startup file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2