formbook | dfa4a44e0f63c067e406e37c7b8915ac728ce6ecc1d13cf280de7064861dd872 | Triage

Sharing

General

Target

75139da89b79d88a8d5f2f527446ecee_JaffaCakes118
Size

419KB
Sample

240526-lrfdeaea61
MD5

75139da89b79d88a8d5f2f527446ecee
SHA1

f9ca1387689e952afaec8de1e30a48ae5a37aa91
SHA256

dfa4a44e0f63c067e406e37c7b8915ac728ce6ecc1d13cf280de7064861dd872
SHA512

486bf73dde2828b53135f7075cf6bcc3c1e42ca50afbce75d610092cc252d6b21efa5176f20554d0225abdf9aeef6adf0f6bc1d8f0a5ff8a7a6e8a44eda16caa
SSDEEP

6144:J4hBCklZb/DZSAv2/5+mRbyGKXNUP8AioXAU+LoutZW20XmsAh6mh3:Or9lZ7DZSAvWbIXtdoXp+YXmsAh6mh3

Score

10^/10

formbook o9bs rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

o9bs

Decoy

akasa.technology

necruzrecords.com

funyr.com

granny-mask.com

videoqr.net

grancanariastagandhen.com

bournesolutionsgroup.com

car-shop-kenken.com

2zd8dn5t-mn4.com

a-nakameguro.com

gtl.systems

baizhan180.xyz

tnawxilv.com

dcdhoom.com

dalaman.website

shopredsea.com

rockbrookcapitalholdings.com

carguyla.com

adpservice.net

freecodecast.com

Targets

- Target
  
  75139da89b79d88a8d5f2f527446ecee_JaffaCakes118
- Size
  
  419KB
- MD5
  
  75139da89b79d88a8d5f2f527446ecee
- SHA1
  
  f9ca1387689e952afaec8de1e30a48ae5a37aa91
- SHA256
  
  dfa4a44e0f63c067e406e37c7b8915ac728ce6ecc1d13cf280de7064861dd872
- SHA512
  
  486bf73dde2828b53135f7075cf6bcc3c1e42ca50afbce75d610092cc252d6b21efa5176f20554d0225abdf9aeef6adf0f6bc1d8f0a5ff8a7a6e8a44eda16caa
- SSDEEP
  
  6144:J4hBCklZb/DZSAv2/5+mRbyGKXNUP8AioXAU+LoutZW20XmsAh6mh3:Or9lZ7DZSAvWbIXtdoXp+YXmsAh6mh3
Score

10^/10

formbook o9bs rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooko9bsratspywarestealertrojan

behavioral2

formbooko9bsratspywarestealertrojan