formbook | d2462097edaf66529bc394ce37b19f713ec739adeb05dcfde4ec125f7668405f | Triage

Sharing

General

Target

JaffaCakes118_d2462097edaf66529bc394ce37b19f713ec739adeb05dcfde4ec125f7668405f
Size

490KB
Sample

241222-gnfsjswpas
MD5

dd1f4b23106899ed1a69410d30926c13
SHA1

23a738d4c3789a795eb2bc8f3575a66eeff42295
SHA256

d2462097edaf66529bc394ce37b19f713ec739adeb05dcfde4ec125f7668405f
SHA512

63a85f30caa06548df34bb7fe3b6bc181b990af8688ccca65643c404ef8acc8740926d983234f0c22de0d65f920214c66d9b0738bb9bda93c19d830737e1fa71
SSDEEP

12288:tWhXLSLz4ba2ByJvI3nxn6I4iZlq6WxaBPfcfsVVY:UhXY6aYyZI3HuRxaKfsV+

Score

10^/10

formbook gs25 discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gs25

Decoy

real-food.store

marketdatalibrary.com

jolidens.space

ydental.info

tattoosbyjayinked.com

buytradesellpei.com

61983.xyz

identitysolver.xyz

mgfang.com

teizer.one

staychillax.com

ylanzarote.com

workte.net

maukigato.shop

coolbag.site

btya1r.com

dkhaohao.shop

zugaro.xyz

boon168.com

xn--80aeegahlwtdkp.com

Targets

- Target
  
  YENİ SATIN ALMA SİPARİŞİ.exe
- Size
  
  591KB
- MD5
  
  1386e264b4ac1e8af6732b410f9166bb
- SHA1
  
  3a2db66eeade8d4f99bc2960f647376d3f8fc602
- SHA256
  
  75af305b8b64ee6b85b75060ea2d37053f9c4e87636445619cd132752ae15bb0
- SHA512
  
  52e6c8b5530c5335014eea8c8f853f0a07d5dea49425a79e9406ed577525eaa315d8eb70a6996f2da530c5df7ca4d83dea821ee125839d2d0e8deffd8213f048
- SSDEEP
  
  12288:i9pR1wbM2fzodEEsFsHVrLEK8ceyHYncKvrfaqpOL6PWsLUwDt7mjRe5had9Tgee:iTR1cOEHFsHV3HpHYnc4j/O+PnX
Score

10^/10

formbook gs25 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookgs25discoveryratspywarestealertrojan

behavioral2

formbookgs25discoveryratspywarestealertrojan