formbook | c6421f2bcb19c1cd7335da01955f250ecce892b56bba50128602d6a3691fd4bc | Triage

Sharing

General

Target

JaffaCakes118_c6421f2bcb19c1cd7335da01955f250ecce892b56bba50128602d6a3691fd4bc
Size

575KB
Sample

241224-bt4hxaxpgx
MD5

d7ecb5df7210f5d8a9046b10136339af
SHA1

37c71a5ea00c7cd5a62b93862802f169bcf9d86c
SHA256

c6421f2bcb19c1cd7335da01955f250ecce892b56bba50128602d6a3691fd4bc
SHA512

7b143e9f744a05825ff72b78ee2b5ba0516f27a4f0df53e101f83f0427929ba461a98e2817f2b35d8cc3f75d50db26acef1841539316ea9c06ee34bd8f8ad7e5
SSDEEP

12288:+Rna7tPKN520k9lTwWi4HkUWIwoYCb7Kq3xsjk2Msl3loaLiehdN:+7520k9l0WKAwxaSYAl6Of

Score

10^/10

formbook nquy discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

nquy

Decoy

a3sidprVANFTG0llIjdA

amYQhcIbS9blLB0=

GOqH7AZQZTYBOB8vWeHGwCVnUw==

kp1yw+EwVCesxslPY5gtZ2aiBcRa

zV/0O1+y47mCh6+5

uX0OU3R898WRBa/Rog==

6val8whPkGM9wuxTFGNI

ozzlSYzyF/XOgNSKG5fsoNYzkk+pxgDF

sHo2h6PuHfFwtOdTFGNI

xZ54yOceUB/thMxtzhp4wCVnUw==

s4pIou5HdD3C1snrARcqXw==

jiOqEVW81qEjTIs5ouY+1hZ3MGvCJg==

Nga3BkamwZ4gVmz0fb5KkYs=

DNeA3Bp8vJpd8VPogb5KkYs=

tbZjsdPoeu0sRcPUqA==

RToES3S3EqV3+g2XLLtFzOHPMXwE7JvN

+c+C3eYzcETJ8hehDlIno5I=

3KE0kK71Hf/ODgNTFGNI

MPrCqTAJbjGx

fkXl/0uKuIgIDPB+aeTYSA==

Targets

- Target
  
  Payment_Advice.pdf.exe
- Size
  
  780KB
- MD5
  
  86855fd89cf9d73b25db56cfddcb26bb
- SHA1
  
  c176adca26aefc687a5a89108b0276e0f8dfd22c
- SHA256
  
  6f74e80cc1e0428e9c04ade080df738cd9206a4ef51e55737af9c5b5d62ca7f4
- SHA512
  
  8b378e20dd307bc345ac2f800c62e9c2ac3235f782ef2fd5d8fe9b550ef82dc76182d6cb25bb592d918161da9bc5bbfd220c256848c993dcc2634721b6a12ce7
- SSDEEP
  
  12288:wA52iNUDjyTOhNWcAsmP55Fgf/JUni6a7n/W+ZHkOYLD:j1CfOsmP55mJOFa7//ZE5L
Score

10^/10

formbook nquy discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooknquydiscoveryratspywarestealertrojan

behavioral2

formbooknquydiscoveryratspywarestealertrojan