formbook | 1a5cd4e960a671ba4c2bc5584cce5a9f172dbfa6e6988eb56cd1c762adcc3dc6 | Triage

Sharing

General

Target

JaffaCakes118_1a5cd4e960a671ba4c2bc5584cce5a9f172dbfa6e6988eb56cd1c762adcc3dc6
Size

396KB
Sample

241222-y5l5bsykeq
MD5

2676ad39672a7a1c9c694caf26e1829c
SHA1

3039d8aad8fd1087382579f8aa73dffff47a75a5
SHA256

1a5cd4e960a671ba4c2bc5584cce5a9f172dbfa6e6988eb56cd1c762adcc3dc6
SHA512

b932aa5a7d8f593a23d5ee2cbcf256cdeb1da51c1fbdc3b9a65d63052e97813aaf5fbb72cce121cf0069a860c59317b211799190eb48344af5623af549aa75cb
SSDEEP

12288:KVU41gs1+dBdAoUBHJwd4X/mw29dlB+WzvYiX5Ld:0U4vuABHyd4vmwSdTFX5h

Score

10^/10

formbook r4gk discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

r4gk

Decoy

quantalix.com

animalblog-eggs.com

039skz.xyz

guttas.net

lasantadayparty.com

protegerfinanceservices.com

vixtest.xyz

digitaleconomy.global

0xpax.xyz

mobilehome1688.com

themotionpartners.com

valueney.com

hattuafhv.quest

js0061gj.net

360metaverse.biz

seculardata.com

346727688.xyz

smartmapom.com

moksel.com

exoduswatchco.com

Targets

- Target
  
  payment copy.exe
- Size
  
  622KB
- MD5
  
  b568ccb4efb2fec5d08b57b21738523a
- SHA1
  
  021fdf7117c2623b11a6914bbb7294e467993e57
- SHA256
  
  f6fba16427d82d11ca8da3b8b1ba0b47eb9719da38a44c9480ac73466e932edb
- SHA512
  
  af5374c7a417d66d548beb6caec78af4a217f1e6677afcc6936bb198100768e6a9a7f671095cf1e90a5c802c3bcaa36eaf699d92d7064390bcc6818d74dc09d1
- SSDEEP
  
  12288:l9FfLVUE06PTli+kt43t17lG2ejs0Od/fD1t/QJ1jSC:l9Ff1TwZ6D7l3ejs0OpL/QG
Score

10^/10

formbook r4gk discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookr4gkdiscoveryratspywarestealertrojan

behavioral2

formbookr4gkdiscoveryratspywarestealertrojan