formbook | 5c35f2a71144607479cd3b69fad16d64f6714f36de7e380139d36ad74a29675b | Triage

Sharing

General

Target

c1a1574f79de1b92dff600b93af4fb2e_JaffaCakes118
Size

788KB
Sample

241204-j1z33atqhj
MD5

c1a1574f79de1b92dff600b93af4fb2e
SHA1

fe900346d226cbd124005a96aaa30bab08da74fa
SHA256

5c35f2a71144607479cd3b69fad16d64f6714f36de7e380139d36ad74a29675b
SHA512

316afa911f4c9da7b520b82ce3843f5437a846568034249233b84f50dbf3f722460e281b9271ad592f3c577ec2c67b03533fc34fc39742bdb124f4bd96eb284d
SSDEEP

24576:ZzVvQ+qZALi2Mtv/qLyWcpIw2DUhcSuGsf:ZzVvpqZALgoObplWUhcSuG+

Score

10^/10

formbook vd9n discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

vd9n

Decoy

theunwrappedcollective.com

seckj-ic.com

tyresandover.com

thetrophyworld.com

fonggrconstruction.com

hopiproject.com

sktitle.com

charlotteobscurer.com

qjuhe.com

girlzglitter.com

createmylawn.com

hempcbgpill.com

zzdfdzkj.com

shreehariessential.com

226sm.com

getcupscall.com

neuralviolin.com

sanskaar.life

xn--fhqrm54yyukopc.com

togetherx4fantasy5star.today

Targets

- Target
  
  c1a1574f79de1b92dff600b93af4fb2e_JaffaCakes118
- Size
  
  788KB
- MD5
  
  c1a1574f79de1b92dff600b93af4fb2e
- SHA1
  
  fe900346d226cbd124005a96aaa30bab08da74fa
- SHA256
  
  5c35f2a71144607479cd3b69fad16d64f6714f36de7e380139d36ad74a29675b
- SHA512
  
  316afa911f4c9da7b520b82ce3843f5437a846568034249233b84f50dbf3f722460e281b9271ad592f3c577ec2c67b03533fc34fc39742bdb124f4bd96eb284d
- SSDEEP
  
  24576:ZzVvQ+qZALi2Mtv/qLyWcpIw2DUhcSuGsf:ZzVvpqZALgoObplWUhcSuG+
Score

10^/10

formbook vd9n discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookvd9ndiscoveryratspywarestealertrojan

behavioral2

formbookvd9ndiscoveryratspywarestealertrojan