formbook | f6b13e5f7a0bea61fd638b1c4a7a78e492bac61611af402d2abb36cf91165f9c | Triage

Sharing

General

Target

JaffaCakes118_f6b13e5f7a0bea61fd638b1c4a7a78e492bac61611af402d2abb36cf91165f9c
Size

560KB
Sample

241222-fjmvmavker
MD5

10f7bba1ec18ad78cfc9eca5580bb4c9
SHA1

681c29acc64ef88b13c2e39e78639f6d2388b6fd
SHA256

f6b13e5f7a0bea61fd638b1c4a7a78e492bac61611af402d2abb36cf91165f9c
SHA512

ecdba4ddbe974d982cf383101e0c0003145189d70769967979d5703549229c53c6a888a6fa48c15b4849a129d63d158613c0d29c3af6db18384b39500ff78390
SSDEEP

12288:Xpt5hSOrQUyEbbeqahKF05H9qjcWJ9A52ebuT:XRhdEUyObeqTF0d9I/Jqfe

Score

10^/10

formbook ktmy discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

ktmy

Decoy

aiAQTnAmFP/Kv+pVX/tvBS7VKQ==

yxOhZX4E+ME9t08AJwdV

AyZqxPG/vw/wMaAqaTlFDNKn

IbeJLGkg1BMiV3W4pghwBS7VKQ==

wv9qii8F/4ztchfEsAak4ag=

F02gNNe3use8qhw78A==

/wth4YFC98Ysqhw78A==

YTdLrU0wNa+8ZdJ/

HGGviblzWTWkIk0x6Q==

asJgP3Ubiw9Z

W9B2W/vHep85rU4AJwdV

/JBka5n2tL6Xw/AUzhvW7ptATSI=

otEOeyAZDuVTwGhc03fmwA==

D+tlEkMMFqv+a9lA/P1C

Jie7d7GQkBE4Kcd1

ZIfHKF/AcfxM2I6bZrtfTQpWU6YeJ72fNg==

4Yk/F0kPyPzX0ek=

tvBTTXvjnZptiXtj03fmwA==

QeCqskgmHI4Eu2Mvj2F7LPcnShU00A==

m1w+tkYVBuFMCShV03fmwA==

Targets

- Target
  
  quotation request.exe
- Size
  
  843KB
- MD5
  
  cd3cfa9918a2e273a9a7b0118955c4b3
- SHA1
  
  289bbc79ffbf9717e7bf44cf83f3dd60d8a8e7f0
- SHA256
  
  c73fabb2bf415973d0ed742e40260e327512da087231a6528714cdd15ac2205a
- SHA512
  
  9f2a05c20eaf02378e0a4bf3b8ca3ab7cb3151b25efad52c52497a66569c3b7460f71ca7f924d3216e2f042ce72ea2ff5a6ae2a875d54948626c672fee8a5e11
- SSDEEP
  
  12288:aAoRYHHtJPrc8BLcoraBIx2aHqX2SsHhEzBCs1Omijoo01:aANHHtpBtcQaSxhW2buz/Cjon
Score

10^/10

discovery formbook ktmy rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

formbookktmydiscoveryratspywarestealertrojan