formbook

General

Target

26aab22742269499bf0ab190d1dbced96b40b73bd2db51be888da74c29afd95d
Size

581KB
Sample

240417-rssb9abh73
MD5

9e8eda82312aa1d250e2d87fbdfe05e5
SHA1

c950338613af13afa83e283deb52e770291b7fc4
SHA256

26aab22742269499bf0ab190d1dbced96b40b73bd2db51be888da74c29afd95d
SHA512

848b074245890ec3356dbae556eaefe19cd141625b4d2211edb05091a2a65c6fd88fc4e1e11ca70c5f34cafee4b93c37d0358ca5a2830c8e20674e0d49c5756b
SSDEEP

12288:WEenaNJ9FCjTZrQgp6vk6yu2QztTvxffbWfcxohEaghLlrM3PSil:VenafUZMgMeQzdxHbWf8ohX+lr+PV

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pz08

Decoy

deespresence.com

fanyablack.com

papermoonnursery.com

sunriseclohting.store

jenstandsforarkansas.com

lkhtalentconsulting.com

baerana.com

hyperphit.com

davidianbrant.com

itkagear.com

web-findmy.site

liveforwardventures.com

skyenglearn.online

studio-sticky.store

yassa-hany.online

tacoshack479.com

bigtexture.xyz

erxkula.shop

go-bloggers.com

qwdlwys.site

Targets

- Target
  
  a2534f954854e317c575b2b6009219c1f08994d1d5550e638acfa48f188da4ab.exe
- Size
  
  610KB
- MD5
  
  367f6008b54a00fd4632e2c9e1fc1d07
- SHA1
  
  4ffad187b30a3ba5fa545c26ee8ef33da8424665
- SHA256
  
  a2534f954854e317c575b2b6009219c1f08994d1d5550e638acfa48f188da4ab
- SHA512
  
  178730d067fd511a0ca9054d824fa32960ac08cdc062c114bff20d621b8683f52155db24909f76d78d27888aacc40d58001a64c3802e19b6de4620f8100a73c2
- SSDEEP
  
  12288:sxEd6Y8TDSR3LXMwvkZ66bltC4FmxzTjY2dmBrU2CdfLbh:sxcSD2JMJblUcmljY2dmNU2CpLbh
Score

10^/10

formbook pz08 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2