formbook | 06a3b752f015dcb8c15bb2e5612f06abc91ce3828de78fac0a2ac1a4b673abfb | Triage

Sharing

General

Target

dc8006133a902b65968cc86055101145_JaffaCakes118
Size

648KB
Sample

240912-sqfq4s1cqh
MD5

dc8006133a902b65968cc86055101145
SHA1

e9dc62dfc95c7527d4608292da3a0b24bbb8b8e6
SHA256

06a3b752f015dcb8c15bb2e5612f06abc91ce3828de78fac0a2ac1a4b673abfb
SHA512

9bd1702fa5529ac025b6abd9b6115877ad44fa6aab01169db5eafb8002f523d76fcf8d4fa0350201c4ce9e01b69c622b87378a72dfc44433f9066caec49373e3
SSDEEP

12288:yGbfLRlCZXT3nNZ/L5VuSSd9tZJZY8nRt3lhzR4666IsTr1B1mMus8kZ0JRqnmQ:yADRQZXvL5yXPY+RplNREoB/us8k6BQ

Score

10^/10

formbook gbs discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gbs

Decoy

luxuryinstalls.com

thatszesty.com

distributed.team

cilaf.com

aspenonmain.com

clivehamiltonstone.com

alternadoresdelta.com

tortises.com

rivenguard.mobi

ileverageagency.com

etcglobaltrading.com

thetotalbusinesssolution.com

referralfromeap.com

influencermonk.com

shopartthekid.com

thestorycollectorinc.com

kichunclub.com

virginiaparent.com

comptoirsolis.com

wwwthenewyorktimes.com

Targets

- Target
  
  quote.exe
- Size
  
  1015KB
- MD5
  
  d239aa442968f1ecd78ec3fead79f1c5
- SHA1
  
  28d69f73c75a419ced1bed487f14ea09dab85b7a
- SHA256
  
  9701e87ea4beda798663d1e09569103cc9dcf517e2e9ad41d0f9304247cf2f1c
- SHA512
  
  c030f718b976b856d2aad62f9de5d7298139bd2dc718c796693007ec59af7d985ec1225a278715a224a2fde20421867f6d318acba4968854083e8085828b1395
- SSDEEP
  
  24576:BWzf2ryot2cyzmPLtEux5fXDj7RplYRIVcfc2:BWCMfG1xj1plYq9
Score

10^/10

formbook gbs discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookgbsdiscoveryratspywarestealertrojan

behavioral2

formbookgbsdiscoveryratspywarestealertrojan