formbook | aaadb8e27ffc99333e3d23e527051d6dd9acf3df1231463f4e25860edcc13bfb | Triage

Sharing

General

Target

c0e23791ab7c6cacdb0e12de1936ef34_JaffaCakes118
Size

421KB
Sample

240825-q7eh9sxfka
MD5

c0e23791ab7c6cacdb0e12de1936ef34
SHA1

141de697e378c44f0ff7974372d817d0a329193d
SHA256

aaadb8e27ffc99333e3d23e527051d6dd9acf3df1231463f4e25860edcc13bfb
SHA512

63c0c778e4bedd7686b6ce3f44f921a0de49e49fdb76cbd863a0c10c54139e2b3f67e99acb79fd305dba33b20e54454e8ae6bb93f111a4005a0afce1802a89a2
SSDEEP

12288:2bkqLXZyt+qUos3ucYU6x559Gwi4YQ8qJr9h196+fj519w:2QFQqUos1/09ur8hL6Uxw

Score

10^/10

formbook bft discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bft

Decoy

edenicities.com

buntingfordhomeservices.com

nuanceproducoes.com

divasinspire.com

capiturn.com

zbjsn.com

thegioicaytrongnha.com

featherventure.com

onbrandtrading.com

sanguoban.com

doorman.pro

ourhomie.net

iwassickonholiday.com

mrcskin.com

reallycoolmask.com

tkrbeautyinstitut.com

keytomiami.com

sesliduybeni.com

asherwebber.com

starkweatherwindows.net

Targets

- Target
  
  Inquiry pdf.exe
- Size
  
  517KB
- MD5
  
  cb03eb5391971119bf6f81acbb84e1bc
- SHA1
  
  b5f050d050f9af0b4d937514935854c4e52f3eb6
- SHA256
  
  cddf575d340c695e513d03330965f716f8ddf17f5d2fb0929fbb78875653d8b7
- SHA512
  
  d654710622e0781d4119f894a9ab6677a72b20ef2c4d3784aeaf4dcd34b47e2861008be15d3a8d474b8b6b82b395a337f14b05ec470433fd8d8d694315b6d8b1
- SSDEEP
  
  6144:HBzy0/iei9k8mOalFu027X1mKjlpBFR+HPdroDJ8t3T7UmhCCT3dIPSH6MKghy03:PZi9704x/mHJoyx7Lhr/zDEuua+/o
Score

10^/10

formbook bft discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookbftdiscoveryratspywarestealertrojan

behavioral2

formbookbftdiscoveryratspywarestealertrojan