formbook | d8ae48ff83b31d072c1a9d988660e2a0be125aa9373a4adb1dd807d0fea4ebe5 | Triage

Sharing

General

Target

a11723be474379dc80852dfeb99d2b4c_JaffaCakes118
Size

1000KB
Sample

240817-eckw1syejj
MD5

a11723be474379dc80852dfeb99d2b4c
SHA1

918834984c6d13577625ae3b93d6207493f7ee15
SHA256

d8ae48ff83b31d072c1a9d988660e2a0be125aa9373a4adb1dd807d0fea4ebe5
SHA512

24d7c9bfe3cdc67c36b5eeabd26e30a7f894a906fb475ff9996b86994e661bb10492d2c0c8da86aa4f51f1e4d1a02ee33400d24f70a27fb4bad9d07a3bb07036
SSDEEP

6144:XJ8hllsOBcUsBIynzr9dqrZUydTslCKhX6X01GvNBpTovheTS7orb36TRJeFE2J:ib9K/nzglTkNbGbpdrn3QQS2s

Score

10^/10

formbook n7ak discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

n7ak

Decoy

audereventur.com

huro14.com

wwwjinsha155.com

antiquevendor.com

samuraisoulfood.net

traffic4updates.download

hypersarv.com

rapport-happy-wedding.com

rokutechnosupport.online

allworljob.com

hanaleedossmann.com

kauai-marathon.com

bepbosch.com

kangen-international.com

zoneshopemenowz.com

belviderewrestling.com

ipllink.com

sellingforcreators.com

wwwswty6655.com

qtumboa.com

Targets

- Target
  
  a11723be474379dc80852dfeb99d2b4c_JaffaCakes118
- Size
  
  1000KB
- MD5
  
  a11723be474379dc80852dfeb99d2b4c
- SHA1
  
  918834984c6d13577625ae3b93d6207493f7ee15
- SHA256
  
  d8ae48ff83b31d072c1a9d988660e2a0be125aa9373a4adb1dd807d0fea4ebe5
- SHA512
  
  24d7c9bfe3cdc67c36b5eeabd26e30a7f894a906fb475ff9996b86994e661bb10492d2c0c8da86aa4f51f1e4d1a02ee33400d24f70a27fb4bad9d07a3bb07036
- SSDEEP
  
  6144:XJ8hllsOBcUsBIynzr9dqrZUydTslCKhX6X01GvNBpTovheTS7orb36TRJeFE2J:ib9K/nzglTkNbGbpdrn3QQS2s
Score

10^/10

formbook n7ak discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookn7akdiscoveryratspywarestealertrojan

behavioral2

formbookn7akdiscoveryratspywarestealertrojan