formbook

General

Target

938db96ba8d7805216d1159da38fab4bdd45cf95c33190962ab3337e7ad6ccec.r00
Size

596KB
Sample

240423-byy4zsba46
MD5

a4f56daa5924b54370930a94c2047d36
SHA1

fd8d5b13ca8f3180e3d9f32c9b3f78f96adabb47
SHA256

938db96ba8d7805216d1159da38fab4bdd45cf95c33190962ab3337e7ad6ccec
SHA512

dc94b18c9132a76a7eeec905e4fa87810557ccf247ab301408258b800a1bf6263548bc13c11d0d3525ef18eee11b9c5dfda86489bc213d2a49ff387f3462f78f
SSDEEP

12288:zskPdTMrqL9IKZvy9nCmHzHr24nEWaj5A+GbljP3qLzFkMw9pm:IKyrqL9IKZd4HrmTj5A+VLzDwzm

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fs83

Decoy

blastol.space

tomwalkerisfalco.com

us-sumatrraslimbellytonic.com

drywallandpaintingservice.com

vntapp.net

passportpages.site

at-mim.com

yeondagoods.com

teomanyildirim.com

paygame.site

senze.art

alhandco.com

9831bsej.xyz

traumatic.xyz

sos-soutien.com

thetechnolgy.live

washing-machine-46612.bond

marvsneakers.com

shequbaike.net

xc4f35fg4h35fg4h53.top

Targets

- Target
  
  Bank Details.pdf.exe
- Size
  
  649KB
- MD5
  
  70f1ab254a32c6050743605d6f3384d5
- SHA1
  
  526c5e0280cb55ef308312db603e94af4fee0b42
- SHA256
  
  e1fd783c3c5c3a686b2ae04b64ecce2b3c5e00d2bed04cdbf8f420a57d82208e
- SHA512
  
  120d687da81b7fede4954e181bba535b279e81542ed779af0f41f6fda58596b25d1162a950e2633b45d6c9f0034ba91606873a87dc9530aa5fad1d5c2a5bbe8c
- SSDEEP
  
  12288:3f7mvgKnFHMF9XuroT07oUdMIEoKrom2Az3HCqC48wypy/LfcfhtYiQGMXJEGYc:zmvL9MDXurIMMIEHvzrC489ybcfvxQGs
Score

10^/10

formbook fs83 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2