formbook | 7f654b1fb8cc24a97902e4a32291e182d42efdb378de4b96ba16b7af6ae5dd2a | Triage

Sharing

General

Target

2b58b674323df58dd616043e8891938b_JaffaCakes118
Size

898KB
Sample

241009-fqccga1anr
MD5

2b58b674323df58dd616043e8891938b
SHA1

cb1f2b71eebc7ecc10e631905dbdea373b8d27e2
SHA256

7f654b1fb8cc24a97902e4a32291e182d42efdb378de4b96ba16b7af6ae5dd2a
SHA512

f131295dc83dfa4fafcb9369e3621050c58e0e7c3e99464f05159903c133333e78565160932c17549fa7e905e444909f732d5a6f4561bf87e4a86df4b83dd0ff
SSDEEP

12288:9StsF9+ht0DZNUpj7uTfK4apVKmdea/71SeLU7MW:9StsF2t0DZgj7MfK40KEd1H4r

Score

10^/10

formbook hx321 discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

hx321

Decoy

homes.maison

bodoka.com

tabazphysiorehab.com

joybrightchina.com

mystic-shop.com

957dfa.info

realsmartcheck.info

twuit.info

claudlovell.com

wickmag.com

tiendafamilia.com

claropyme.com

lyftfind.com

lnkdin.net

trespatines.net

adszb.info

iscais.com

nastaraco.biz

brandflyfun.com

jzpyjs.com

Targets

- Target
  
  2b58b674323df58dd616043e8891938b_JaffaCakes118
- Size
  
  898KB
- MD5
  
  2b58b674323df58dd616043e8891938b
- SHA1
  
  cb1f2b71eebc7ecc10e631905dbdea373b8d27e2
- SHA256
  
  7f654b1fb8cc24a97902e4a32291e182d42efdb378de4b96ba16b7af6ae5dd2a
- SHA512
  
  f131295dc83dfa4fafcb9369e3621050c58e0e7c3e99464f05159903c133333e78565160932c17549fa7e905e444909f732d5a6f4561bf87e4a86df4b83dd0ff
- SSDEEP
  
  12288:9StsF9+ht0DZNUpj7uTfK4apVKmdea/71SeLU7MW:9StsF2t0DZgj7MfK40KEd1H4r
Score

10^/10

formbook hx321 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookhx321discoveryratspywarestealertrojan

behavioral2

formbookhx321discoveryratspywarestealertrojan