formbook | bdf70143340796eb6300390268cc9aac6808b3225740d19769fe1bc8b621190b | Triage

Sharing

General

Target

d061cb634c7812ea1f9a76c834da662d_JaffaCakes118
Size

429KB
Sample

240906-y3nv5sweqh
MD5

d061cb634c7812ea1f9a76c834da662d
SHA1

cb1fe61a1a28cb6ada60061e8b3929e7213bb618
SHA256

bdf70143340796eb6300390268cc9aac6808b3225740d19769fe1bc8b621190b
SHA512

c4b5d31f9c7c6668f257037acbc258235f70789f9d0bdc391d32365a9a5bc064453fca35800baccca02533270f13fd30cf09ba2b9427d9339c3fc692385ea0e9
SSDEEP

12288:2w5rmS75p0eniwybzYa+UgF+2rJ0+KoNKxGq+9wmv:bzltE+UgFlJJpKxc9Z

Score

10^/10

formbook fr defense_evasion discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

fr

Decoy

koto-saitoshika.com

hamadcartoon.com

findmyperson.com

greenislandspice.com

tzcp5.com

elyfornoville.com

fuqinjiehuodong.com

psog.biz

comercializadoratancitaro.com

marketmuseum.com

yunbaobit.com

weddingvwcamperhire.com

kinetsi.com

garmentsteamersguide.com

firstchoicecorporatehousing.com

musicianunity.com

thetrustsummit.com

xn--v52b27q.com

crismar.net

cawyhy.info

Targets

- Target
  
  d061cb634c7812ea1f9a76c834da662d_JaffaCakes118
- Size
  
  429KB
- MD5
  
  d061cb634c7812ea1f9a76c834da662d
- SHA1
  
  cb1fe61a1a28cb6ada60061e8b3929e7213bb618
- SHA256
  
  bdf70143340796eb6300390268cc9aac6808b3225740d19769fe1bc8b621190b
- SHA512
  
  c4b5d31f9c7c6668f257037acbc258235f70789f9d0bdc391d32365a9a5bc064453fca35800baccca02533270f13fd30cf09ba2b9427d9339c3fc692385ea0e9
- SSDEEP
  
  12288:2w5rmS75p0eniwybzYa+UgF+2rJ0+KoNKxGq+9wmv:bzltE+UgFlJJpKxc9Z
Score

10^/10

defense_evasion discovery formbook fr rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

behavioral2

formbookfrdefense_evasiondiscoveryratspywarestealertrojan