formbook | fa06c27fec5c21151a0801eee977067f711994fef401349055108e8f1e6d4fdd | Triage

Sharing

General

Target

JaffaCakes118_fa06c27fec5c21151a0801eee977067f711994fef401349055108e8f1e6d4fdd
Size

197KB
Sample

241222-bb2xcsxjcr
MD5

281d81bdcb7b41c4af3cb508075d0e52
SHA1

ab154f3b7482f81f44b50af01fa6c5f8555e2310
SHA256

fa06c27fec5c21151a0801eee977067f711994fef401349055108e8f1e6d4fdd
SHA512

a6c313b10cfbbd46de91be99cffcf4ee0fbe6e31c0558992d6f67dce53da2bb823402ec8850d241c48201280191e40f7c8aeca01267bb8940378e490bd389c3c
SSDEEP

6144:FLi8qWDrJZ1n8VAsgiBxlESU9JKXA18Odoy9gfgQnC3Y:YKZ1nADBx1AqA18iY

Score

10^/10

formbook t01w discovery execution rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

t01w

Decoy

yeluzishiyanshi.com

thehardtech.xyz

arrowheadk8.site

zaulkunutila.xyz

lookastro.net

congregorecruitment.co.uk

darcyboo.uk

collettesbet.net

ltgpd.com

hiddenapphq.net

haxtrl.online

esenbook.com

jxzyyx.com

ulvabuyout.xyz

instashop.life

vazra.top

ewdvatcuce4.top

zhishi68.com

fabricsandfashion.com

hootcaster.com

Targets

- Target
  
  ySNxzGtmAt_bin.js
- Size
  
  343KB
- MD5
  
  2c1b8ce86a48542a827bb302d54eb19c
- SHA1
  
  6c5b668d122791450edb50027312f22d22eeb39b
- SHA256
  
  c89f8224348c1c86bf84db8a6596f1ff4fdad498669918393fc6325b7a1476e8
- SHA512
  
  88bcb4feb1e9a0dfc378d106faa5e979c1505c17483e9ae7e68e8782f0563ca0248f712f0f1b384d7c97b7ef65e0665b72af28a5b9852c030cedec7c67ab5e65
- SSDEEP
  
  6144:P+58K9NNqVEmncYRk/ykRCa7ljUuqeYGEirkxMdv1K8glhknGC80F0+WwpOj:lK9NNqVEGVRk/ykRCaRjUGHjrkSXK8gT
Score

10^/10

formbook t01w discovery execution rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookt01wdiscoveryexecutionratspywarestealertrojan

behavioral2

formbookt01wdiscoveryexecutionratspywarestealertrojan