formbook | 47155987c94e0b921887ed3aa2278fb857781238c518fbea52224728b88b0436 | Triage

Sharing

General

Target

image003(01-03-23-09-11-24).exe
Size

570KB
Sample

240912-k6j5gazhld
MD5

3ad153a9dfa77f9301691953b2d05661
SHA1

ab48904a3f978a17fc74bc11785fb2b3dc2ab8e4
SHA256

47155987c94e0b921887ed3aa2278fb857781238c518fbea52224728b88b0436
SHA512

5b78fc8f38c31d0f228b81718bc54d98214ebb9075532ec4744e457d38e315921da2a705c237535a48d951a5885d459912fce1dff3401ebf6158a593fcf9b9de
SSDEEP

12288:AD7kv3tbsMa/FkR+D1R3dMT2coMQYJVZznMbs:ADopsXK+jiloMtJLznMb

Score

10^/10

formbook m10i discovery execution rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m10i

Decoy

rmani.today

ifebork.xyz

randovation.net

itchen-remodeling-65686.bond

himu.world

reverie.net

9038.top

rowahome.live

obility-scooters-63189.bond

iangchunqiu.top

yhd.fun

eniorsforseniors.biz

z9zs2.shop

kkjinni.buzz

22av373vu.autos

allnyy.fun

qst.digital

rcap.info

745.top

earfulabjectshirkwashclothe.cfd

Targets

- Target
  
  image003(01-03-23-09-11-24).exe
- Size
  
  570KB
- MD5
  
  3ad153a9dfa77f9301691953b2d05661
- SHA1
  
  ab48904a3f978a17fc74bc11785fb2b3dc2ab8e4
- SHA256
  
  47155987c94e0b921887ed3aa2278fb857781238c518fbea52224728b88b0436
- SHA512
  
  5b78fc8f38c31d0f228b81718bc54d98214ebb9075532ec4744e457d38e315921da2a705c237535a48d951a5885d459912fce1dff3401ebf6158a593fcf9b9de
- SSDEEP
  
  12288:AD7kv3tbsMa/FkR+D1R3dMT2coMQYJVZznMbs:ADopsXK+jiloMtJLznMb
Score

10^/10

formbook m10i discovery execution rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookm10idiscoveryexecutionratspywarestealertrojan

behavioral2

formbookm10idiscoveryexecutionratspywarestealertrojan