formbook | 0c28dff876ccdca7e5ee29299a3828974a3c1c2e9ce6a801e6db7e2a12e16a84 | Triage

Sharing

General

Target

JaffaCakes118_0c28dff876ccdca7e5ee29299a3828974a3c1c2e9ce6a801e6db7e2a12e16a84
Size

647KB
Sample

241223-ql23fa1jgr
MD5

db0f6cd30abea4dc8989b88778662210
SHA1

06d9f0396f198492f483ee69c2463a2a0cf3cd8d
SHA256

0c28dff876ccdca7e5ee29299a3828974a3c1c2e9ce6a801e6db7e2a12e16a84
SHA512

53b6c82ffddb02a408a733b5ded46484aff442b38d18323bbb0afee84a47569d4803e50232c6d38d363fd35ac02f263635dca5ce0c76a261e6b7b7205490a891
SSDEEP

12288:Dr4llk8xM6601PQyRDZlFKY2A+9iFWRr16IWvorDtt1xlfgpdfbR:DYe16D1Llb21QCrrWveXapP

Score

10^/10

formbook ji99 discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

ji99

Decoy

f5hfqPfk5Co4t9g=

A9ql+89lMaIqvdw=

AuXIIWRbGyo4t9g=

UX9Pn/rz8So4t9g=

haAzYKqrYA==

hFdOOodp41DpKN3KlPmz

RA7UPC/1Nn7DtG2nMDC7qzFIqyNH5Q==

nu+6ldzdZuY7Mfy7R1u8

CUY9ntOFDwT+x5cuu7MwUpEX3jX7ycxrTA==

mBzgqeKiuSTnno+ywbU=

EY1SJn9aa2PgEaK8MCv87C1EqA==

eQ63l+wp6FNhJw==

1qqcmBMMW4cTvd71KFxawvWn

CU0a9s95/UP8lFS7yLc=

XnREpeCto+QncjZhqb8=

1GJM69VrRm+DuOdYWJo+Ug==

R6iIYTHZbuA0L+XKlPmz

oamYII2fY5HT3p28AlVawvWn

/f7UheK0ifs3

TSEN9Dv+PmX4hNnx

Targets

- Target
  
  New RFQ 6000333264 (K0060-01).exe
- Size
  
  1.0MB
- MD5
  
  01202dc54836c255eb5d901d3641e786
- SHA1
  
  60fdbb2aab5637e9b205a95c2940be264e07ca9f
- SHA256
  
  6262299f2c4308cc3f69f8e038d68cefb86f7acb0b718d1fe9416244c80b5956
- SHA512
  
  a95209c85deb8f971883ceea25c2cba9d06bb9d0a0d3141383ff7ef42ad767cc75beb366d5806d0cff62fe63a5079e4e9bfb68f58334ec5cee2de89c6c867b0c
- SSDEEP
  
  24576:TPxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxNussC5YTy3b:hYTqEpxnhjiTFdj
Score

10^/10

formbook ji99 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookji99discoveryratspywarestealertrojan

behavioral2

formbookji99discoveryratspywarestealertrojan