formbook | 62ca1c39badbfbc52c6301cb69c8356977db57656c6d98dac7e4ab908753af00 | Triage

Sharing

General

Target

file.exe
Size

810KB
Sample

240731-j9j37szfla
MD5

60bd782aa615ee9354c2221b4ad7b80c
SHA1

f753f3c3c359b38c1051064417d6d0daf89db2c9
SHA256

62ca1c39badbfbc52c6301cb69c8356977db57656c6d98dac7e4ab908753af00
SHA512

0ddc9c16ac39aa6c006bd8ccd11194267b73d646b304f84b911153832dc7a6c960d60ebfc08d0d6314630e124e575bee4c81c75ffa7915faddaeae5d37b351e3
SSDEEP

12288:1y9WilQDz/bhj+nm3m6SsWCG0tP+KpIMD5w2T7S+w74fNJ658N:1wQDfhj+um6SgDEWHPdL65

Score

10^/10

formbook rn10 discovery persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rn10

Decoy

kedai168et.com

mental-olympics.com

pussybuildsstrongbones.net

857691.shop

hisellers.net

exposurecophotography.com

beaded-boutique.net

wednesdayholdings.com

plesacv.xyz

manonlineros.com

a0204.shop

333689g.com

dyprl716h.xyz

pulseirabet.com

fnet.work

bo-2024-001-v1-d1.xyz

ongaurdsecurity.com

giulianacristini.com

miladamani.com

magicalrealmshopkeeper.online

Targets

- Target
  
  file.exe
- Size
  
  810KB
- MD5
  
  60bd782aa615ee9354c2221b4ad7b80c
- SHA1
  
  f753f3c3c359b38c1051064417d6d0daf89db2c9
- SHA256
  
  62ca1c39badbfbc52c6301cb69c8356977db57656c6d98dac7e4ab908753af00
- SHA512
  
  0ddc9c16ac39aa6c006bd8ccd11194267b73d646b304f84b911153832dc7a6c960d60ebfc08d0d6314630e124e575bee4c81c75ffa7915faddaeae5d37b351e3
- SSDEEP
  
  12288:1y9WilQDz/bhj+nm3m6SsWCG0tP+KpIMD5w2T7S+w74fNJ658N:1wQDfhj+um6SgDEWHPdL65
Score

10^/10

formbook rn10 discovery persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookrn10discoverypersistenceratspywarestealertrojan

behavioral2

formbookrn10discoverypersistenceratspywarestealertrojan