formbook | 721718e23d15a5c7fac9edeb8a58142101e6fc433bbd476afb47dbcf9f3e1578 | Triage

Sharing

General

Target

c3083c992789a034b1fb977d04b8ec76_JaffaCakes118
Size

3.0MB
Sample

240826-p3d69swbjq
MD5

c3083c992789a034b1fb977d04b8ec76
SHA1

cbaadfedccae1923dfcd39f88aead7fe0f2b018a
SHA256

721718e23d15a5c7fac9edeb8a58142101e6fc433bbd476afb47dbcf9f3e1578
SHA512

ef6a1655a9a4b4ec9207bf7fa645783006f150ffcf87263518a64a52067a13b406c2bd148d45844d3a9a113b1b4cdc1af9b0576fd17171497c80da82dba95990
SSDEEP

24576:mL6eB3zXKwvMmhCdzqUCXQ1AixA0RE/awHQEX+7SsnHugyzs19UX/zy6F:UBZkTqUCXGR2F

Score

10^/10

formbook rzn discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rzn

Decoy

lyeth.net

annatdinh.com

amber-pozzi.com

kalunenterprise.com

knightskysbts.com

drnishamaharaj.com

neverendingbreadsticks.com

asuvac.com

snapbidz.com

autovistoriapredial.net

eskisla.com

fiorej.com

probuscee.com

elysme.com

laizdancefit.com

pet-imports.com

imasshipping.com

greenflagcars.com

essentialoilphotos.com

demolition4us.com

Targets

- Target
  
  HEC Batangas Integrated LNG and Power Project DocumentationsType a message.exe
- Size
  
  1.6MB
- MD5
  
  a03c2d4c4885db5f3e8264e2e0523ee9
- SHA1
  
  53d45a80e79d121ec6745cf8816acb7e6598b897
- SHA256
  
  9dbaa66ef9f31c83ab943932bc96eaf2d6e9c1995b427c75e6e9a259f2c91697
- SHA512
  
  6f2ec109bf1e5b96f35d2b8ff1cc8facad31f329adad3486198f5b80ba38e7a17bf6a10d355f770f4b05b16dc1fedacf43afeaecabdfc8d34b8e998e14135433
- SSDEEP
  
  24576:xlUjX00wR9Uqk8qW0gmRR1Gbp0PjcET+v3JR945EIy8o:xKjXMR9UN8lYGbp0P4E6v3Jf4
Score

10^/10

formbook rzn discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookrzndiscoveryratspywarestealertrojan

behavioral2

formbookrzndiscoveryratspywarestealertrojan