formbook

General

Target

JaffaCakes118_aa7ab4157c0ea04bfff754a8427eddf57cc270d8cb7b01752cc070c71ac7bdd8
Size

213KB
Sample

241221-xe3tqawmgv
MD5

8394ecb2a0a35cca1f191c1798cab6ce
SHA1

0866de03627135b370e33ecf65ad13a9be9a2882
SHA256

aa7ab4157c0ea04bfff754a8427eddf57cc270d8cb7b01752cc070c71ac7bdd8
SHA512

62fcb2c50dc29867d91e3f0e3c1ebc37654fea61fd17124ed68d04e1e0677c3f766fdee69a1b2016c85556f14b4d7f9a50f12d2e69d987120ced5e24be47f24b
SSDEEP

6144:H0175CEz5SCTVAjVHIDiErhpbNCv0rLlcHKrFZ4:U75CITVAjVIlhpcv4/4

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

f4ca

Decoy

omFHB5ajfJi1UEIEV9XcoRw=

UBjJkmQPyprdhcFF/bdCWQ==

evGKkBUj1je+otcfpw==

KgvGVeOATSt3nug0BIOm2JvOQycB

Lv6o3K0r9aSjI0lr9fg1txw=

LH1jJb/HieQpsEdqWCQTvX2PmsDVIeg=

99dte0XauJfk6Xv+uQxJFgA1gMktBA==

21FkkGB9gMniDQw2ffu6

r4lKBM/q6TZwVZfS

F+14qHeVWi56KdQ=

BgWXRsVoICMvvQ==

I+EozFl0Uy56KdQ=

xoXCgEllKEbWfjFCCLo=

qo9G1lXvvGt5GkxrLQWw

ORNlYic0PJ2ip4geEFSv

Yj+GFpvFxy0uVYx1fLI/XQ==

XL+veIKPjOTe4fjvFs+n

D2JKVAfuakXCAyoEvw==

voWJU81tH56wvt/vImbCcgVd

dVEcwFrmb8bZ4vXvFs+n

Targets

- Target
  
  37fc27ae593c57c90608af9929d7ade4fc5924ec4e795c445c4bf8a5a1bf8585
- Size
  
  225KB
- MD5
  
  3359916b838254bede2336070d99b6e5
- SHA1
  
  ae40ca0d6b91624cd8d9ef1b30e1ce2338c3309f
- SHA256
  
  37fc27ae593c57c90608af9929d7ade4fc5924ec4e795c445c4bf8a5a1bf8585
- SHA512
  
  989e405e72f4be4abcca21e8b8cb84b37165e00a88a13f3186801f0f64be8c6a7e70d069e69dfb58f71622a6b41b5c9a93d20279e4a3c580f3e2f488d59a7406
- SSDEEP
  
  3072:qUJoFfWzzl+cSM2wPddXssJXKAI95ibwrhlikpXbeK3eMmR6M3vcJLSmKqcHKrF+:qweEp2KjV5IDiErh7bNmv0JLlcHKrF+T
Score

10^/10

formbook f4ca discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  xxrkypy.exe
- Size
  
  5KB
- MD5
  
  818e4839cf473064fde652fb001fcce6
- SHA1
  
  b051185eddc6992bd0b4092e338ed067487af57a
- SHA256
  
  72eefcdcbb8c9510a83e9ce80810d84688416ede5d4041aee4944f04b7cb903b
- SHA512
  
  9b8aa6a9ef6d125f80ef555429d45e970f873440d95ac8f687a2ff782d46fdf71c8b66d351010346b989fbeb74f815e96b774a6c463aa9e974399e9a67e50c06
- SSDEEP
  
  96:bhrJTnFlgFjwaepQr6SRmoynhKMTnHOjx:BJ4Fsaez6moyncMTnH
Score

10^/10

formbook f4ca discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

Formbook

Formbook family

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4