formbook | 9c308cf0c5193b3764e892d8cc3f93b9ce20762f918a74cc4f7b07544ab5bd4d | Triage

Sharing

General

Target

JaffaCakes118_9c308cf0c5193b3764e892d8cc3f93b9ce20762f918a74cc4f7b07544ab5bd4d
Size

1.0MB
Sample

241222-gll7jswnby
MD5

efdae08118be99a41dddcfb0918d3f42
SHA1

ce3d1472b1f754e5ec0123ecb4d87ccc03e3121b
SHA256

9c308cf0c5193b3764e892d8cc3f93b9ce20762f918a74cc4f7b07544ab5bd4d
SHA512

840c4c1e0f57d00bbb788e2529d95f12b526c6bc75a1a73a50b65a6442306465299c009a50dffae127f70d5178bc4c24866a63f495fd91cd7c3b56c77516b603
SSDEEP

12288:LAGApB+LGjzOQWOxxnDC7nVD4BIaFFEnd0XZ3lvMgTADqjJ5n+pUJj3seT0Ciw2j:LArpBSCWXrV0od0/Vrjr+gK

Score

10^/10

formbook pcbd discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

pcbd

Decoy

zmUiPvT3GhgT0MCJ0cfkdEhzgw==

yysIUP08pEEFmg==

OJocz3OwWxa3dlw=

x2zXJcwJW4ov1HTk6fxkGhA=

sBLZbXS1UNRrKtXRVg==

J7Gg45CjxQ2yXGVNjhW+dGl6PjA=

oSLxdZGii2ZZLxbgL/pUqQ==

2G7zNzNizyjjeRKY3gb29GOeiJsHWraj

X+hZnXgqSha3dlw=

8QPQWQkxuy0j2HtGXkIm

T6BRyfomMTvOiYQU

ovrVJa7GS9a4cnAsW6YEGrI6

4oqCON+BsDIPjQ==

4HZHw9TpIMrFkA==

LELMEKLXyAL4mA==

yuKpL7C5UQB4bHFYnOMu

ZYcWydXqPiqQq1wIGdA=

Y3EsQV5+IYd3NuyDi/2avRg=

4LRr6nWZPJunXDsCKmrNb2UIogogQg==

AA4kD8BCSxa3dlw=

Targets

- Target
  
  JaffaCakes118_9c308cf0c5193b3764e892d8cc3f93b9ce20762f918a74cc4f7b07544ab5bd4d
- Size
  
  1.0MB
- MD5
  
  efdae08118be99a41dddcfb0918d3f42
- SHA1
  
  ce3d1472b1f754e5ec0123ecb4d87ccc03e3121b
- SHA256
  
  9c308cf0c5193b3764e892d8cc3f93b9ce20762f918a74cc4f7b07544ab5bd4d
- SHA512
  
  840c4c1e0f57d00bbb788e2529d95f12b526c6bc75a1a73a50b65a6442306465299c009a50dffae127f70d5178bc4c24866a63f495fd91cd7c3b56c77516b603
- SSDEEP
  
  12288:LAGApB+LGjzOQWOxxnDC7nVD4BIaFFEnd0XZ3lvMgTADqjJ5n+pUJj3seT0Ciw2j:LArpBSCWXrV0od0/Vrjr+gK
Score

10^/10

formbook pcbd discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookpcbddiscoveryratspywarestealertrojan

behavioral2

formbookpcbddiscoveryratspywarestealertrojan