formbook | 833c675b6b2cfb047c0afc0cca8707cf4631776822e58089fffa24fbc53374ec | Triage

Sharing

General

Target

9bbdfbdfbfc6807ee9bae456d17987c6.zip
Size

352KB
Sample

240901-a4djssvemn
MD5

66f82e95d2e935abd961e5384c00d95f
SHA1

451fbf6963d294d7dee3a7a1102337dfe0bf331c
SHA256

833c675b6b2cfb047c0afc0cca8707cf4631776822e58089fffa24fbc53374ec
SHA512

af9d72837b00400d2044f5c718bf9aff1862281a0b341dee2e148d280776381dfe218684eeb87cb5701af1f24b8e0dc7bf979a0c5ed8b054012866b6326a9ca2
SSDEEP

6144:uXSdgt43XS9HG0ARZFFB32Vvo4L6rQmEpCURiwqrLWrfz:At43im0CF1gvot6hAWrL

Score

10^/10

formbook g8ni discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g8ni

Decoy

nickmowat.com

garethjame.biz

colibrilift.com

vulnerabilitylabs.one

neuro-ai-web-ru.website

16mcnaestreetmooneeponds.com

bestofstmaarten.net

meditelier.com

ragnarduke.com

escueladecampo.com

vongtayvn.com

inmemoriamaan.com

yourpeoplemanager.com

r6-gytr.com

agreeablebeauty.com

snpconfirms.com

tribalurq.quest

purafuse.com

cisco-training-course.com

wery.top

Targets

- Target
  
  4518e39cae8a580d388d0a729d38235d6324d4db1c596ad3db06d661131924b6
- Size
  
  539KB
- MD5
  
  9bbdfbdfbfc6807ee9bae456d17987c6
- SHA1
  
  23bd49f1432429fe862075af73af430d355b881b
- SHA256
  
  4518e39cae8a580d388d0a729d38235d6324d4db1c596ad3db06d661131924b6
- SHA512
  
  b6b69f44c9c110de07056babd9b897b0eb97e97d536fc2ce784a61db0f793c514354b5b521b2062582f4f5fd25f49da7adf9ce2b6d297a0ec2de23d094443498
- SSDEEP
  
  6144:YriM0yt1y1zw4Mt+KGqOY1Ks7nqOI38wWq/7PkI3mzXnqMMmiXmhDkZPAoYUl:3Mkzc0B1Y17nz083q/DkImn/pDkZodU
Score

10^/10

formbook g8ni discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookg8nidiscoveryratspywarestealertrojan

behavioral2

formbookg8nidiscoveryratspywarestealertrojan