formbook | 35a957c128cb8431e412fad3f0a71d392d5bad8433936a99909477a3b9c43bc4 | Triage

Sharing

General

Target

caa15cf238aab71d356c954b1041948d_JaffaCakes118
Size

509KB
Sample

240830-l735eazfjn
MD5

caa15cf238aab71d356c954b1041948d
SHA1

45eda2d654be6c79854b8cb14f3c27f3e024f46f
SHA256

35a957c128cb8431e412fad3f0a71d392d5bad8433936a99909477a3b9c43bc4
SHA512

c395c9dfc59b851b956b2d4bf21bceeb7dafd1e5e9cd6f6286e0e9ae94c7f04442a59c5e57a3ebfdf3e79d71067a3567cd4d65b10772c32a7fb0201adedc30a4
SSDEEP

12288:yu/N1ulb9BayeVL5fO2c6sRWBP0SoivrtzQMG5p45+ygUu8:Pl1umL5fRaRK0SfZznG5p

Score

10^/10

formbook discovery evasion rat spyware stealer trojan

Malware Config

Targets

- Target
  
  caa15cf238aab71d356c954b1041948d_JaffaCakes118
- Size
  
  509KB
- MD5
  
  caa15cf238aab71d356c954b1041948d
- SHA1
  
  45eda2d654be6c79854b8cb14f3c27f3e024f46f
- SHA256
  
  35a957c128cb8431e412fad3f0a71d392d5bad8433936a99909477a3b9c43bc4
- SHA512
  
  c395c9dfc59b851b956b2d4bf21bceeb7dafd1e5e9cd6f6286e0e9ae94c7f04442a59c5e57a3ebfdf3e79d71067a3567cd4d65b10772c32a7fb0201adedc30a4
- SSDEEP
  
  12288:yu/N1ulb9BayeVL5fO2c6sRWBP0SoivrtzQMG5p45+ygUu8:Pl1umL5fRaRK0SfZznG5p
Score

10^/10

formbook discovery evasion rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookdiscoveryevasionratspywarestealertrojan

behavioral2

formbookdiscoveryevasionratspywarestealertrojan