formbook | c01d1b77062d28f497480aac1c2ad019d88b9f12a8db4405065cd2a9f3086191 | Triage

Sharing

General

Target

document.exe
Size

663KB
Sample

241001-pwq79azdnq
MD5

9806b5ef6bf254fdd4c0e934a4c070eb
SHA1

caa33c5cecee0b8a05a4b1c5f7f4f4c081fd0b77
SHA256

c01d1b77062d28f497480aac1c2ad019d88b9f12a8db4405065cd2a9f3086191
SHA512

824ce46df91db025a3e2fea193c394ad1290c681cf46e39b163036693d246078a2589eb34b56ba1c9ea62078e2b438477f7ccb292c469a99da55b79306a8385b
SSDEEP

12288:J7C27Jb5EMTIRjAH5rV20hkoJnnFc8AtAvJIUHTrU2fujnR/C6CqkR:1LTxZrLh9Jn68At+JIUzrcjnRip

Score

10^/10

formbook t94g discovery execution rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

t94g

Decoy

32188.top

mergencyroofrepair656460.online

jkahu.fun

ur4.autos

r0lba4cl0qkaws8.bond

eiliaowang.top

urjav.xyz

kidaman15.click

old-removal-p350.today

levatethismedia.info

h33323s40.top

dormy.click

5406.club

earlofwisdombook.pro

6980.app

ellwood999.biz

otdates.lol

164v.shop

thereal.app

takeget.online

Targets

- Target
  
  document.exe
- Size
  
  663KB
- MD5
  
  9806b5ef6bf254fdd4c0e934a4c070eb
- SHA1
  
  caa33c5cecee0b8a05a4b1c5f7f4f4c081fd0b77
- SHA256
  
  c01d1b77062d28f497480aac1c2ad019d88b9f12a8db4405065cd2a9f3086191
- SHA512
  
  824ce46df91db025a3e2fea193c394ad1290c681cf46e39b163036693d246078a2589eb34b56ba1c9ea62078e2b438477f7ccb292c469a99da55b79306a8385b
- SSDEEP
  
  12288:J7C27Jb5EMTIRjAH5rV20hkoJnnFc8AtAvJIUHTrU2fujnR/C6CqkR:1LTxZrLh9Jn68At+JIUzrcjnRip
Score

10^/10

discovery execution formbook t94g rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

formbookt94gdiscoveryexecutionratspywarestealertrojan