formbook | 939ca5032b5fc17d00bb9be7b7cb4bef70691a76ceebf9777b58e9e9845a05d6 | Triage

Sharing

General

Target

d7dd59c45d9c7d647d28b83412e9e1bb_JaffaCakes118
Size

397KB
Sample

240910-j5zcbsvhpc
MD5

d7dd59c45d9c7d647d28b83412e9e1bb
SHA1

1bfd4f114eb6e9cad55206056fecf9da0cba7bdc
SHA256

939ca5032b5fc17d00bb9be7b7cb4bef70691a76ceebf9777b58e9e9845a05d6
SHA512

1c9772f686d149d5e19ace0779681c3f64db051b43db559b74b3e05013e8cc71ef9451df3016f87a54654c8ea3c63498d9f3f3987b0e63f3f71a940521689172
SSDEEP

6144:Di3fBD/vecMMW3b9A53IvHlouxcAG42uZB:ONPkEiHegnT

Score

10^/10

formbook h321 defense_evasion discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

h321

Decoy

getweddinginsurance.com

easterpalette.com

pkitinfo.com

rendaextrabr.com

woodlandmanorapartments.com

tv16091.info

kput.ltd

thutrangshop.com

worldschoolhelper.com

erschaffe-dein-leben-neu.com

svenskamarknaden.com

neterka.com

newagrarianrevival.com

bomeilvye.com

little789.top

datisfile.com

funwithgravity.com

dynatestxplode.com

thepetblarneystone.net

riffstick.com

Targets

- Target
  
  d7dd59c45d9c7d647d28b83412e9e1bb_JaffaCakes118
- Size
  
  397KB
- MD5
  
  d7dd59c45d9c7d647d28b83412e9e1bb
- SHA1
  
  1bfd4f114eb6e9cad55206056fecf9da0cba7bdc
- SHA256
  
  939ca5032b5fc17d00bb9be7b7cb4bef70691a76ceebf9777b58e9e9845a05d6
- SHA512
  
  1c9772f686d149d5e19ace0779681c3f64db051b43db559b74b3e05013e8cc71ef9451df3016f87a54654c8ea3c63498d9f3f3987b0e63f3f71a940521689172
- SSDEEP
  
  6144:Di3fBD/vecMMW3b9A53IvHlouxcAG42uZB:ONPkEiHegnT
Score

10^/10

formbook h321 defense_evasion discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookh321defense_evasiondiscoveryratspywarestealertrojan

behavioral2

formbookh321defense_evasiondiscoveryratspywarestealertrojan