formbook | 984ad48db84dccbf4d978f50b0cad2c0f2eb4a256cc5f3b470facf3e411283ae | Triage

Sharing

General

Target

823e170624508c0f8ae864ee2cdc7e8f_JaffaCakes118
Size

1.1MB
Sample

241031-h7ha6a1ras
MD5

823e170624508c0f8ae864ee2cdc7e8f
SHA1

d651853b3a483b4338405f0347ec1c8ddee27f43
SHA256

984ad48db84dccbf4d978f50b0cad2c0f2eb4a256cc5f3b470facf3e411283ae
SHA512

6d0d7650a47b2cc610267278d5ad5507776189c21220c44330333a8da8aab1a9302e7d2c29315c715356a266621916bd23a7cfd8682c175f18371f2b7ed3de09
SSDEEP

12288:JIn7d2iNND81lhaIAjbJOm4gutFgaawmNa4wpWHx75uMLG+tsQEOgu5:K1P81ra/3JOmTGlhmNa4y+tU

Score

10^/10

formbook o4ms discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

o4ms

Decoy

fishingboatpub.com

trebor72.com

qualitycleanaustralia.com

amphilykenyx.com

jayte90.net

alveegrace.com

le-fleursoleil.com

volumoffer.com

businessbookwriters.com

alpin-art.com

firsttastetogo.com

catofc.com

ref-290.com

sbo2008.com

fortlauderdaleelevators.com

shanghaiyalian.com

majestybags.com

afcerd.com

myceliated.com

ls0a.com

Targets

- Target
  
  823e170624508c0f8ae864ee2cdc7e8f_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  823e170624508c0f8ae864ee2cdc7e8f
- SHA1
  
  d651853b3a483b4338405f0347ec1c8ddee27f43
- SHA256
  
  984ad48db84dccbf4d978f50b0cad2c0f2eb4a256cc5f3b470facf3e411283ae
- SHA512
  
  6d0d7650a47b2cc610267278d5ad5507776189c21220c44330333a8da8aab1a9302e7d2c29315c715356a266621916bd23a7cfd8682c175f18371f2b7ed3de09
- SSDEEP
  
  12288:JIn7d2iNND81lhaIAjbJOm4gutFgaawmNa4wpWHx75uMLG+tsQEOgu5:K1P81ra/3JOmTGlhmNa4y+tU
Score

10^/10

formbook o4ms discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooko4msdiscoveryratspywarestealertrojan

behavioral2

formbooko4msdiscoveryratspywarestealertrojan