formbook | b6a9be2713b7637f854550ad474b5214e18bb760da0142e02b288510d2c6175e | Triage

Sharing

General

Target

28f253dd70ec114954cb9720bc2e833b.zip
Size

417KB
Sample

240901-n1p1bazfqa
MD5

93fe88b5ac0dba7266a8d20b0973caea
SHA1

764f9416c763893daec4f5cd3a6fd35f02f7d928
SHA256

b6a9be2713b7637f854550ad474b5214e18bb760da0142e02b288510d2c6175e
SHA512

b0dd959a123927c4b7ccdc26bf72bbb9205cb153aeca0fcb148dd91d0d8456c8c7c8acbd2ba2982be08c84600cd04d3e12a2e84307b2d37772f5b2e0ab98e5a6
SSDEEP

6144:wAfJPMMGgBZZYPJiaSF9kQgBsP+qs2Damb3+T3hHtTROwjtR4HowbT42Hj+Glz:rbGgvZYMin2lb3mZtTt2Hx42H3z

Score

10^/10

formbook oy1n discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

oy1n

Decoy

tammiestakeyqynaxbsjxgt.com

whbx-sfgsge1009-xvsdf.xyz

0ass52.icu

alfer-creacions.com

jsscr5.icu

kclearyart.com

studioandric.com

2zem.online

convert-course.com

fonduesetdirect.com

pohonrambutan.com

dousujing.net

dizzydamesdesigns.com

sphetbiubr318-nifty.xyz

bolader.com

casaceramique.com

ugrza.tech

pakzak.com

mjrandsons.com

happyandrelaxedstore.com

Targets

- Target
  
  51b54616de868dfaa1addcc28e0ca99f66a061de672858c2cdccafcce04aa335
- Size
  
  524KB
- MD5
  
  28f253dd70ec114954cb9720bc2e833b
- SHA1
  
  89bbf2aad3258e47a338d0344509fd051cac842c
- SHA256
  
  51b54616de868dfaa1addcc28e0ca99f66a061de672858c2cdccafcce04aa335
- SHA512
  
  15b8d8afd9eaf879dd2587dd923b481c7de71653b49f7c0adb91e253d276a92661721bf552c18ec5243e1f10078f8d09b5d2e1bacbc0f5f364cf4a8d3857848c
- SSDEEP
  
  12288:AUi2iNekn+gWfltKCgfNQoJNu7OcJeDWh5lgCFI:AUi1Qk1Wn6aNYDW9
Score

10^/10

formbook oy1n discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookoy1ndiscoveryratspywarestealertrojan

behavioral2

formbookoy1ndiscoveryratspywarestealertrojan