formbook

General

Target

e1fd783c3c5c3a686b2ae04b64ecce2b3c5e00d2bed04cdbf8f420a57d82208e.exe
Size

649KB
Sample

240423-cfv52sbe4v
MD5

70f1ab254a32c6050743605d6f3384d5
SHA1

526c5e0280cb55ef308312db603e94af4fee0b42
SHA256

e1fd783c3c5c3a686b2ae04b64ecce2b3c5e00d2bed04cdbf8f420a57d82208e
SHA512

120d687da81b7fede4954e181bba535b279e81542ed779af0f41f6fda58596b25d1162a950e2633b45d6c9f0034ba91606873a87dc9530aa5fad1d5c2a5bbe8c
SSDEEP

12288:3f7mvgKnFHMF9XuroT07oUdMIEoKrom2Az3HCqC48wypy/LfcfhtYiQGMXJEGYc:zmvL9MDXurIMMIEHvzrC489ybcfvxQGs

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fs83

Decoy

blastol.space

tomwalkerisfalco.com

us-sumatrraslimbellytonic.com

drywallandpaintingservice.com

vntapp.net

passportpages.site

at-mim.com

yeondagoods.com

teomanyildirim.com

paygame.site

senze.art

alhandco.com

9831bsej.xyz

traumatic.xyz

sos-soutien.com

thetechnolgy.live

washing-machine-46612.bond

marvsneakers.com

shequbaike.net

xc4f35fg4h35fg4h53.top

Targets

- Target
  
  e1fd783c3c5c3a686b2ae04b64ecce2b3c5e00d2bed04cdbf8f420a57d82208e.exe
- Size
  
  649KB
- MD5
  
  70f1ab254a32c6050743605d6f3384d5
- SHA1
  
  526c5e0280cb55ef308312db603e94af4fee0b42
- SHA256
  
  e1fd783c3c5c3a686b2ae04b64ecce2b3c5e00d2bed04cdbf8f420a57d82208e
- SHA512
  
  120d687da81b7fede4954e181bba535b279e81542ed779af0f41f6fda58596b25d1162a950e2633b45d6c9f0034ba91606873a87dc9530aa5fad1d5c2a5bbe8c
- SSDEEP
  
  12288:3f7mvgKnFHMF9XuroT07oUdMIEoKrom2Az3HCqC48wypy/LfcfhtYiQGMXJEGYc:zmvL9MDXurIMMIEHvzrC489ybcfvxQGs
Score

10^/10

formbook fs83 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2