formbook | 98a6a5e789c33737c74f6ee52fce41a206867e571c8b8286d3af6f37174dceea | Triage

Sharing

General

Target

98a6a5e789c33737c74f6ee52fce41a206867e571c8b8286d3af6f37174dceea
Size

1.0MB
Sample

240825-cq6pjasdje
MD5

820de48affdf7a70230640b8adb01f67
SHA1

f8f004884c53f8e55fff249a851a614dc2f34bcb
SHA256

98a6a5e789c33737c74f6ee52fce41a206867e571c8b8286d3af6f37174dceea
SHA512

87f1482527d41fe7fb8e715551f69a00b25b62c203bf814032caf200cac503ac39b7464814c64f83d27fa99ec4d9fd1268d4fad6a959d0860dcd42858aa27abb
SSDEEP

24576:HeUVYtXiZ4xN3f7a3fjyOlch/TMtdycjRI/F3:+UYtXiZ4xxzar+oKcja9

Score

10^/10

formbook dei5 discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dei5

Decoy

studiomullerphoto.com

reallionairewear.com

dogsalondoggy-tail.com

excelmache.net

bigdiscounters.com

7986799.com

ignition.guru

xiaoxu.info

jpinpd.com

solpool.info

uchooswrewards.com

everestengineeringworks.com

qianglongzhipin.com

deepimper-325.com

appliedrate.com

radsazemehr.com

vivabematividadesfisicas.com

capacitalo.com

somecore.com

listingclass.net

Targets

- Target
  
  98a6a5e789c33737c74f6ee52fce41a206867e571c8b8286d3af6f37174dceea
- Size
  
  1.0MB
- MD5
  
  820de48affdf7a70230640b8adb01f67
- SHA1
  
  f8f004884c53f8e55fff249a851a614dc2f34bcb
- SHA256
  
  98a6a5e789c33737c74f6ee52fce41a206867e571c8b8286d3af6f37174dceea
- SHA512
  
  87f1482527d41fe7fb8e715551f69a00b25b62c203bf814032caf200cac503ac39b7464814c64f83d27fa99ec4d9fd1268d4fad6a959d0860dcd42858aa27abb
- SSDEEP
  
  24576:HeUVYtXiZ4xN3f7a3fjyOlch/TMtdycjRI/F3:+UYtXiZ4xxzar+oKcja9
Score

10^/10

formbook dei5 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookdei5discoveryratspywarestealertrojan

behavioral2

formbookdei5discoveryratspywarestealertrojan