formbook | c1191a2395a4bcd7c12c63ed628be5c3df1ab0d0b51d46932716fb0c917c0dde | Triage

Sharing

General

Target

c1b83daeb8757d575a940c65bccb0d1b_JaffaCakes118
Size

955KB
Sample

240825-2degyszhmr
MD5

c1b83daeb8757d575a940c65bccb0d1b
SHA1

857e57fbce938345d8baea856ce232179627e995
SHA256

c1191a2395a4bcd7c12c63ed628be5c3df1ab0d0b51d46932716fb0c917c0dde
SHA512

8a8f80c1de2c2fed85091160b1c6c3912b43ed5627d05abb7a8a713a41bf1edfac06e8bd6023925a82b56eafa5340ed4880705588c5e6b405bf70e6cd7b8c3e9
SSDEEP

12288:/6FSCKAIMqmB0a08IEvs81TMe1vJrW5/n8T8S/5uEJ52:a1fI00z8IR81Tdx+8oE3J

Score

10^/10

formbook mdi discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mdi

Decoy

uproarcatalyst.com

cruisessafaris.com

simplethreads.net

ncsetup.com

dthengjia.com

heyfig.com

inventqa.com

mentoriareset.com

a70a.com

ncolesrose.com

culasarsa.com

southdocknj.com

pistrinalove.com

championvanleasing.com

mazda40.com

lujoscenter.com

wgsol.com

iheart2d.com

olympiccarpetcare.com

aiored.com

Targets

- Target
  
  c1b83daeb8757d575a940c65bccb0d1b_JaffaCakes118
- Size
  
  955KB
- MD5
  
  c1b83daeb8757d575a940c65bccb0d1b
- SHA1
  
  857e57fbce938345d8baea856ce232179627e995
- SHA256
  
  c1191a2395a4bcd7c12c63ed628be5c3df1ab0d0b51d46932716fb0c917c0dde
- SHA512
  
  8a8f80c1de2c2fed85091160b1c6c3912b43ed5627d05abb7a8a713a41bf1edfac06e8bd6023925a82b56eafa5340ed4880705588c5e6b405bf70e6cd7b8c3e9
- SSDEEP
  
  12288:/6FSCKAIMqmB0a08IEvs81TMe1vJrW5/n8T8S/5uEJ52:a1fI00z8IR81Tdx+8oE3J
Score

10^/10

formbook mdi discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookmdidiscoveryratspywarestealertrojan

behavioral2

formbookmdidiscoveryratspywarestealertrojan