formbook | af03492db108628fc60b8f642ba3c5d1692ed7d4c94dba474c5b7f9e5c0ab121 | Triage

Sharing

General

Target

a0d902711f967c1d1129d0988891a5bf_JaffaCakes118
Size

687KB
Sample

241126-ka9p9azjcj
MD5

a0d902711f967c1d1129d0988891a5bf
SHA1

ba5d9ded61efcb841f6c2677ede95c5b8c27d0a5
SHA256

af03492db108628fc60b8f642ba3c5d1692ed7d4c94dba474c5b7f9e5c0ab121
SHA512

993c35ca707451479994f292d4c62252ea697d69598b227aefb94213c24e0c5cc48711c03d9f27b92c86cc26ce94e41acaf6f1467e47fa38aa1b227de92f3025
SSDEEP

12288:V6R5eCK2zd0W9pyeJ6qdwUShgHVEpdWFl1gCT+DR0NOUhnxRcN72SFo6DKmd3Qq1:ki2zd0W9pyegfUegHVE74l1PT+DR0QKw

Score

10^/10

formbook o4ms discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

o4ms

Decoy

fishingboatpub.com

trebor72.com

qualitycleanaustralia.com

amphilykenyx.com

jayte90.net

alveegrace.com

le-fleursoleil.com

volumoffer.com

businessbookwriters.com

alpin-art.com

firsttastetogo.com

catofc.com

ref-290.com

sbo2008.com

fortlauderdaleelevators.com

shanghaiyalian.com

majestybags.com

afcerd.com

myceliated.com

ls0a.com

Targets

- Target
  
  Payment_Advice.exe
- Size
  
  889KB
- MD5
  
  3a4b0695b3752747171249f731a42a0f
- SHA1
  
  472db8f1ad0121714b1c0692d050f055ee7117dc
- SHA256
  
  bd746ec7cac902a0b12f829efa801316f11b5ab6df024ff0f75c178134daad99
- SHA512
  
  a21fbc3d9c7c9c87ccab446ee7ec978826cadbe3faaa9fc6bb2fa07e4d5d9ecf7ea00de897ded2ff2452b951197f94d37d62e5d4d82e101eb1db7efaac4b26da
- SSDEEP
  
  12288:F5LfSgsVSj4s4IHK7zqcqpvYri3jZcYGnnwFN5pP0D+9uAw0OyVq/k:vQSksmPq7iK5pP0v0OAq/
Score

10^/10

discovery formbook o4ms rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

formbooko4msdiscoveryratspywarestealertrojan