formbook | 6943f180b6b374ed414dc428aeca2968ab3ff52e4e7fa07b74f01ad23c862b4d | Triage

Sharing

General

Target

JaffaCakes118_6943f180b6b374ed414dc428aeca2968ab3ff52e4e7fa07b74f01ad23c862b4d
Size

644KB
Sample

241222-kyv7rssjav
MD5

304f4dc11f8e9c80538f7317971eae25
SHA1

a2857c89479887b9668c729f81f7bd31317c7ab5
SHA256

6943f180b6b374ed414dc428aeca2968ab3ff52e4e7fa07b74f01ad23c862b4d
SHA512

119069704b76e8207a58571f05bc859948ab8c299edf35ae0e89d556d176deeca4cfaf95e2a0942fb05c8d98edcb2d48446db9a5b20e4b91f4b8f16f2d417f39
SSDEEP

12288:ZSFekAkxuBJVpZ58UuyIeimoSFx5czU1/MYwpoLqPTITGuSBalcK6EqR0QIC+B8:sFQsuXpCZyxdFx5cI1Tw+LmvBalK0QIc

Score

10^/10

formbook fs8 discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fs8

Decoy

deanpalm.net

dinu-living.com

setsomegoals.com

craftyfresh.email

cleantons.com

szysjfjx.com

shestakova.info

70skinstore.com

ampletrade.ltd

cmmcwomen.group

michinoeki-taka.com

auntoni.com

huochegw.com

abovekulture.com

gzjige.com

americastandproudagain.com

hobbyhousekennels.com

1020waterviewdrive.com

5927399.com

gabipareras.net

Targets

- Target
  
  Orden de compra.bin
- Size
  
  893KB
- MD5
  
  bf187fc1d7fc6666040fcd201e60dc84
- SHA1
  
  a797b0a4ef58dc53a8ca8108578ee3f263cff78c
- SHA256
  
  5169448790953f95b005aedf779cc9cc9443ab52550650cbae197033d5c227e0
- SHA512
  
  ed905aaa6fd7fad472a8e4710601464bf3a714da7fed656f7c70668d38b73531bc88329d82d6851f3a59a4531959e813526d41d783f0e8728030fbaf100291b8
- SSDEEP
  
  12288:yebc0wBp2I9s/yLp/8SA24PGCVyoFr10QQCtPgUtSFKGAdg4a8JdREbg+145Qey:JXwB41vPNr15Vhts4q4aeREbg+D
Score

10^/10

formbook fs8 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookfs8discoveryratspywarestealertrojan

behavioral2

formbookfs8discoveryratspywarestealertrojan