formbook | 31484ef741b768334de711e353731bd89c67711df613b4e175f1205531a53c00 | Triage

Sharing

General

Target

9ec16b6ca90830f0b441ea3e8165ac6f_JaffaCakes118
Size

814KB
Sample

241126-amjdqa1jhk
MD5

9ec16b6ca90830f0b441ea3e8165ac6f
SHA1

fc6430b311fcc6176fa5b1cb00f5a173c88c7556
SHA256

31484ef741b768334de711e353731bd89c67711df613b4e175f1205531a53c00
SHA512

0f7e2ed8fb9265466e9de80d0683047628b58624eaa9dd261960c410eea8c6a6e04832f739461659401dec0700521967c210eb7c1be5472c8042f838a5b7e8ad
SSDEEP

12288:vb8bzclUwpdXd04XzCdgfu0JvTkgY05XSn+huL4dxUFxaQOA5i+87QxsBop0wv:vgbeNUgfLxAPeCn+hu3aTA5i+87QxsC

Score

10^/10

formbook fw3d discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fw3d

Decoy

mekohscurls.com

camelbacktownhomes.com

workrelated.net

coukre.com

militiamixedmartialarts.com

oleandrim.net

dgyszxjx.com

admoney.info

myboytoybox.com

caprockacres.com

kenroywilson.com

koheuav.asia

qualifycet.com

safficient.com

alinabica.com

iptvpremiumserver.com

ixiaroboosterprogram.com

societymixersite.club

soulsearcherscny.com

ktwx198.com

Targets

- Target
  
  9ec16b6ca90830f0b441ea3e8165ac6f_JaffaCakes118
- Size
  
  814KB
- MD5
  
  9ec16b6ca90830f0b441ea3e8165ac6f
- SHA1
  
  fc6430b311fcc6176fa5b1cb00f5a173c88c7556
- SHA256
  
  31484ef741b768334de711e353731bd89c67711df613b4e175f1205531a53c00
- SHA512
  
  0f7e2ed8fb9265466e9de80d0683047628b58624eaa9dd261960c410eea8c6a6e04832f739461659401dec0700521967c210eb7c1be5472c8042f838a5b7e8ad
- SSDEEP
  
  12288:vb8bzclUwpdXd04XzCdgfu0JvTkgY05XSn+huL4dxUFxaQOA5i+87QxsBop0wv:vgbeNUgfLxAPeCn+hu3aTA5i+87QxsC
Score

10^/10

formbook fw3d discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookfw3ddiscoveryratspywarestealertrojan

behavioral2

formbookfw3ddiscoveryratspywarestealertrojan