formbook | 426ffa75739fe8c76f9b42c13944cbde5de6715394131f8e02fa83027de328f2 | Triage

Sharing

General

Target

c33c1121b6648782476182e7364d95c0_JaffaCakes118
Size

835KB
Sample

240826-scxsgazdld
MD5

c33c1121b6648782476182e7364d95c0
SHA1

bdea9a1f15f73a285de33a5aeb485fbda59d912e
SHA256

426ffa75739fe8c76f9b42c13944cbde5de6715394131f8e02fa83027de328f2
SHA512

3ce494908861b9bab0c5f2fb78dabe748c197d094bcd6070e6085f16a28b4f87e2d2ec8b137e2f465aa0b8c183d22d1892333ed4cc7cd189cecd8daf3c678066
SSDEEP

12288:QyBwjP6eP9QMN6cuL7o9rMeeugDd7/a3Z77tWhw2LZT3npZCfJi/pV:QyBwjP6+v6cUo9rfmhO3Z77uB3fqc

Score

10^/10

formbook pu1i discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pu1i

Decoy

academiechaptal.com

kraftcopyagency.com

ds901.com

redtailchillisauce.com

joppamountainclub.com

online-dbm.net

nautilusfoundation.com

psm-gen.com

perpely.com

natwest-services.com

muxviet.mobi

blackmantech.loans

dominantgoal.com

sky-iron.net

sweeten-kneel.xyz

ricardoimports.com

hzzyn.com

cawholesaler.com

tgshydroponics.com

weliketopartytoronto.com

Targets

- Target
  
  c33c1121b6648782476182e7364d95c0_JaffaCakes118
- Size
  
  835KB
- MD5
  
  c33c1121b6648782476182e7364d95c0
- SHA1
  
  bdea9a1f15f73a285de33a5aeb485fbda59d912e
- SHA256
  
  426ffa75739fe8c76f9b42c13944cbde5de6715394131f8e02fa83027de328f2
- SHA512
  
  3ce494908861b9bab0c5f2fb78dabe748c197d094bcd6070e6085f16a28b4f87e2d2ec8b137e2f465aa0b8c183d22d1892333ed4cc7cd189cecd8daf3c678066
- SSDEEP
  
  12288:QyBwjP6eP9QMN6cuL7o9rMeeugDd7/a3Z77tWhw2LZT3npZCfJi/pV:QyBwjP6+v6cUo9rfmhO3Z77uB3fqc
Score

10^/10

formbook pu1i discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookpu1idiscoveryratspywarestealertrojan

behavioral2

formbookpu1idiscoveryratspywarestealertrojan