formbook | 5f8719f381c3dbe465082297c7ce0d2af2954503f737592f19313ac19f9cd294 | Triage

Sharing

General

Target

5f8719f381c3dbe465082297c7ce0d2af2954503f737592f19313ac19f9cd294.exe
Size

1.1MB
Sample

240906-bpwmhayfma
MD5

3a1133a31a67b64ec6165ac328098fdf
SHA1

43c43d1025925785a23ec4b160dfd566135266ca
SHA256

5f8719f381c3dbe465082297c7ce0d2af2954503f737592f19313ac19f9cd294
SHA512

4014477c4f2ab52fd54747891d14e5817ee7090fc2716c1837284f9887b67c58f697278c22a40c4ff30d9d40d16b0e43b907a2927272152b68b6fd4e4bd1db37
SSDEEP

24576:bU1zwrxR4lWzWzm1ejk7ZDsLCoFCS4/d8:40R4lEWzm1e47MCogH/K

Score

10^/10

formbook j7e discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

j7e

Decoy

cefuoficial.com

luxmusicclub.com

getridofmyed.xyz

sports-plaza.com

peteropsomer.com

kemendi.com

divinciresolve.com

readtogrowup.com

hidex-corp.com

aladininternational.com

snesait.art

ezzpick.net

saveashow.com

eazyprintsplus.com

usadatesclub.com

rafaelraf.com

themiamadison.com

regarta.com

aiocitys.net

ahorn-invest.com

Targets

- Target
  
  5f8719f381c3dbe465082297c7ce0d2af2954503f737592f19313ac19f9cd294.exe
- Size
  
  1.1MB
- MD5
  
  3a1133a31a67b64ec6165ac328098fdf
- SHA1
  
  43c43d1025925785a23ec4b160dfd566135266ca
- SHA256
  
  5f8719f381c3dbe465082297c7ce0d2af2954503f737592f19313ac19f9cd294
- SHA512
  
  4014477c4f2ab52fd54747891d14e5817ee7090fc2716c1837284f9887b67c58f697278c22a40c4ff30d9d40d16b0e43b907a2927272152b68b6fd4e4bd1db37
- SSDEEP
  
  24576:bU1zwrxR4lWzWzm1ejk7ZDsLCoFCS4/d8:40R4lEWzm1e47MCogH/K
Score

10^/10

formbook j7e discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookj7ediscoveryratspywarestealertrojan

behavioral2

formbookj7ediscoveryratspywarestealertrojan