formbook | da111408d9dccb99b2c429d535ca55f6e970d911da4c24553e75d02fe9c00489 | Triage

Sharing

General

Target

85c3d336415e2d1d331b6565559d475b_JaffaCakes118
Size

676KB
Sample

240531-c7pgksde49
MD5

85c3d336415e2d1d331b6565559d475b
SHA1

f117eb6b482560f7db100f6bc2a5d97c983a1506
SHA256

da111408d9dccb99b2c429d535ca55f6e970d911da4c24553e75d02fe9c00489
SHA512

25061663551ac20347d2263fdbb21f4c79f51c30623938bd02179dbb778291646423430c42d2a23367dd06f226ae590cf87f238699f312c5abb1bade22bfdd76
SSDEEP

12288:8zmWSemlxC2WQXoyfNb2tALwvogLDiD/PkVCAkJca:8edl0YhvLwvo+mccJca

Score

10^/10

formbook k8b rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

k8b

Decoy

lulubellsgraphicsanddesigns.com

metyx.info

www423337.com

stayliveclothing.com

daluotech.com

thetruthpublished.com

pqlzlnwpz.icu

bilginhayvancilik.com

ismartdvr.com

currenibtc.com

dalesj.com

restaurantlemontblanc.com

lunarstores.com

pho-huy.com

liquidhardrive.com

bcheaplivebuy.com

evisaagency.com

houstonemergencycenter.com

alioverstreet.com

nutrhyp.com

Targets

- Target
  
  85c3d336415e2d1d331b6565559d475b_JaffaCakes118
- Size
  
  676KB
- MD5
  
  85c3d336415e2d1d331b6565559d475b
- SHA1
  
  f117eb6b482560f7db100f6bc2a5d97c983a1506
- SHA256
  
  da111408d9dccb99b2c429d535ca55f6e970d911da4c24553e75d02fe9c00489
- SHA512
  
  25061663551ac20347d2263fdbb21f4c79f51c30623938bd02179dbb778291646423430c42d2a23367dd06f226ae590cf87f238699f312c5abb1bade22bfdd76
- SSDEEP
  
  12288:8zmWSemlxC2WQXoyfNb2tALwvogLDiD/PkVCAkJca:8edl0YhvLwvo+mccJca
Score

10^/10

formbook k8b rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookk8bratspywarestealertrojan

behavioral2

formbookk8bratspywarestealertrojan