formbook | 2e6fe07659b3d7fd953909856a82866e3927065febbddd09f3e8acb885d12dad | Triage

Sharing

General

Target

fdce18358d597d6df791071d740c425a_JaffaCakes118
Size

855KB
Sample

240420-2g9r9sbf94
MD5

fdce18358d597d6df791071d740c425a
SHA1

12d29b718d32559ccd7ed233711f4e169ee8908a
SHA256

2e6fe07659b3d7fd953909856a82866e3927065febbddd09f3e8acb885d12dad
SHA512

7eeb95df9696f3265cd42b2c994a491210d5d8a73baa8e8236e6edc9badab3fd255fb66f93d51facd9421aded6ac192921f20e31113825765e24ffbcd2fb26ab
SSDEEP

12288:TZ/mi9YLax040VZpgRpspsWAc+dvshMNEd3f94zEh43d4ptqod+m:T6LIIlhjJf9og4NSqogm

Score

10^/10

formbook vd9n rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

vd9n

Decoy

theunwrappedcollective.com

seckj-ic.com

tyresandover.com

thetrophyworld.com

fonggrconstruction.com

hopiproject.com

sktitle.com

charlotteobscurer.com

qjuhe.com

girlzglitter.com

createmylawn.com

hempcbgpill.com

zzdfdzkj.com

shreehariessential.com

226sm.com

getcupscall.com

neuralviolin.com

sanskaar.life

xn--fhqrm54yyukopc.com

togetherx4fantasy5star.today

Targets

- Target
  
  fdce18358d597d6df791071d740c425a_JaffaCakes118
- Size
  
  855KB
- MD5
  
  fdce18358d597d6df791071d740c425a
- SHA1
  
  12d29b718d32559ccd7ed233711f4e169ee8908a
- SHA256
  
  2e6fe07659b3d7fd953909856a82866e3927065febbddd09f3e8acb885d12dad
- SHA512
  
  7eeb95df9696f3265cd42b2c994a491210d5d8a73baa8e8236e6edc9badab3fd255fb66f93d51facd9421aded6ac192921f20e31113825765e24ffbcd2fb26ab
- SSDEEP
  
  12288:TZ/mi9YLax040VZpgRpspsWAc+dvshMNEd3f94zEh43d4ptqod+m:T6LIIlhjJf9og4NSqogm
Score

10^/10

formbook vd9n rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookvd9nratspywarestealertrojan

behavioral2

formbookvd9nratspywarestealertrojan