formbook | c7aeae267b8235729102a37b3851fbb9484b4ba10b1135ecc3cf644004690203 | Triage

Sharing

General

Target

JaffaCakes118_c7aeae267b8235729102a37b3851fbb9484b4ba10b1135ecc3cf644004690203
Size

416KB
Sample

241223-yvqd1azlgq
MD5

bb5b77e54d846bcd61d1aa1bb3c39999
SHA1

3a191b551a3649addff295c4a6fdd01f73b34533
SHA256

c7aeae267b8235729102a37b3851fbb9484b4ba10b1135ecc3cf644004690203
SHA512

eee02dec8acebb8d7aaf93bfe9059abeb3478692244f6e899163e7ec24a91cb81d660dede216bca7d03f516566d643597a1b0754dc9dd9a54d7abbd0a5e505bc
SSDEEP

6144:BJ+8hj0PHsNM28wPEMqZzgYwe0VzZ2VGJhYHvmM6v20nXMQq:28hj0oMoEMwPozZ2VCSufBXM7

Score

10^/10

formbook ewws discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ewws

Decoy

gesundheitscoaching.one

leonspropertysolutions.com

urbancoderz.com

abybo.com

crybabysmensclub.com

russiaentertainment.com

lfgprima.com

snatchtime.net

cnrollershoes.com

gdddpc.com

psychicpatrol.com

minnienucup.com

thankscred.com

huellanaranja.com

office365microsoft.com

nisithailand.com

jumlasx.xyz

edm191.com

cleaoshop.com

najjarnabil.com

Targets

- Target
  
  QUALITY SCALES CONTROL PO , PDF.exe
- Size
  
  512KB
- MD5
  
  599a2f1f7ae79d79e8811886a74db3a0
- SHA1
  
  c22dfc6ef39b158b403e9e2fa035847af9f6d524
- SHA256
  
  e1bd2c6c40bb7f29fc0f7d164f0d8061ec4cd33edac6db75c0810b10b19aeb3e
- SHA512
  
  3e580af9d144d36d850062ac466cf0930905708a032f865389d22ee672fba8d459d022255c6b8dcae3b75bd83fd739524b004c2144436c16c11c949511804abf
- SSDEEP
  
  12288:A6onlduxjoHbCaFLq/l4WCJHMBJvGdhL:6nruxseOWCJsLv
Score

10^/10

formbook ewws discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookewwsdiscoveryratspywarestealertrojan

behavioral2

formbookewwsdiscoveryratspywarestealertrojan