formbook | bd746ec7cac902a0b12f829efa801316f11b5ab6df024ff0f75c178134daad99 | Triage

Sharing

General

Target

3a4b0695b3752747171249f731a42a0f_JaffaCakes118
Size

889KB
Sample

241012-qvmzwashqb
MD5

3a4b0695b3752747171249f731a42a0f
SHA1

472db8f1ad0121714b1c0692d050f055ee7117dc
SHA256

bd746ec7cac902a0b12f829efa801316f11b5ab6df024ff0f75c178134daad99
SHA512

a21fbc3d9c7c9c87ccab446ee7ec978826cadbe3faaa9fc6bb2fa07e4d5d9ecf7ea00de897ded2ff2452b951197f94d37d62e5d4d82e101eb1db7efaac4b26da
SSDEEP

12288:F5LfSgsVSj4s4IHK7zqcqpvYri3jZcYGnnwFN5pP0D+9uAw0OyVq/k:vQSksmPq7iK5pP0v0OAq/

Score

10^/10

formbook o4ms discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

o4ms

Decoy

fishingboatpub.com

trebor72.com

qualitycleanaustralia.com

amphilykenyx.com

jayte90.net

alveegrace.com

le-fleursoleil.com

volumoffer.com

businessbookwriters.com

alpin-art.com

firsttastetogo.com

catofc.com

ref-290.com

sbo2008.com

fortlauderdaleelevators.com

shanghaiyalian.com

majestybags.com

afcerd.com

myceliated.com

ls0a.com

Targets

- Target
  
  3a4b0695b3752747171249f731a42a0f_JaffaCakes118
- Size
  
  889KB
- MD5
  
  3a4b0695b3752747171249f731a42a0f
- SHA1
  
  472db8f1ad0121714b1c0692d050f055ee7117dc
- SHA256
  
  bd746ec7cac902a0b12f829efa801316f11b5ab6df024ff0f75c178134daad99
- SHA512
  
  a21fbc3d9c7c9c87ccab446ee7ec978826cadbe3faaa9fc6bb2fa07e4d5d9ecf7ea00de897ded2ff2452b951197f94d37d62e5d4d82e101eb1db7efaac4b26da
- SSDEEP
  
  12288:F5LfSgsVSj4s4IHK7zqcqpvYri3jZcYGnnwFN5pP0D+9uAw0OyVq/k:vQSksmPq7iK5pP0v0OAq/
Score

10^/10

formbook o4ms discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooko4msdiscoveryratspywarestealertrojan

behavioral2

formbooko4msdiscoveryratspywarestealertrojan