formbook | 0c68bedf273c54fb11df082f5ba6db85fd819cf12f9d40a0a6a683d859315548 | Triage

Sharing

General

Target

cdd74989ccca9c104e0239199f354397_JaffaCakes118
Size

746KB
Sample

240901-aam65staqc
MD5

cdd74989ccca9c104e0239199f354397
SHA1

129d9eae5e82d63cc19c6dfef74cd9d8c903fcf8
SHA256

0c68bedf273c54fb11df082f5ba6db85fd819cf12f9d40a0a6a683d859315548
SHA512

1a8a59e17584164f2a8ec913b65a70219b220e149c209aeccce47bf31a3d56faaa12147e3162045045c3c78437ff244389e065001ef963f8c3424cc4b7089c04
SSDEEP

12288:M9mtiK5oGSjc2YADH/7sG1Zhvqyih/sFOSwHfABaqzSqf2Qq5GWS0gOhk:0+FoGFcf7/vchUESDEZQq5GWXp

Score

10^/10

formbook vd9n discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

vd9n

Decoy

theunwrappedcollective.com

seckj-ic.com

tyresandover.com

thetrophyworld.com

fonggrconstruction.com

hopiproject.com

sktitle.com

charlotteobscurer.com

qjuhe.com

girlzglitter.com

createmylawn.com

hempcbgpill.com

zzdfdzkj.com

shreehariessential.com

226sm.com

getcupscall.com

neuralviolin.com

sanskaar.life

xn--fhqrm54yyukopc.com

togetherx4fantasy5star.today

Targets

- Target
  
  cdd74989ccca9c104e0239199f354397_JaffaCakes118
- Size
  
  746KB
- MD5
  
  cdd74989ccca9c104e0239199f354397
- SHA1
  
  129d9eae5e82d63cc19c6dfef74cd9d8c903fcf8
- SHA256
  
  0c68bedf273c54fb11df082f5ba6db85fd819cf12f9d40a0a6a683d859315548
- SHA512
  
  1a8a59e17584164f2a8ec913b65a70219b220e149c209aeccce47bf31a3d56faaa12147e3162045045c3c78437ff244389e065001ef963f8c3424cc4b7089c04
- SSDEEP
  
  12288:M9mtiK5oGSjc2YADH/7sG1Zhvqyih/sFOSwHfABaqzSqf2Qq5GWS0gOhk:0+FoGFcf7/vchUESDEZQq5GWXp
Score

10^/10

formbook vd9n discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookvd9ndiscoveryratspywarestealertrojan

behavioral2

formbookvd9ndiscoveryratspywarestealertrojan