formbook | c7963d714e508e583052dbac69fd4bb75d271db457308f67adb0e9bfae93ad60 | Triage

Sharing

General

Target

JaffaCakes118_c7963d714e508e583052dbac69fd4bb75d271db457308f67adb0e9bfae93ad60
Size

834KB
Sample

241225-11774szmhj
MD5

24a402fa02bf3c98cf0832e6f2602a0e
SHA1

143e2fb125aa8473d9a03e68dd6695a0ec692f9c
SHA256

c7963d714e508e583052dbac69fd4bb75d271db457308f67adb0e9bfae93ad60
SHA512

5f2f5eb15ab157cc79e553cb40a736a7eadcd7ffd257c351d55f2c86bdfdc74bee21a75276b552502ce5ac54b692e23fd01bc3189b6cbbb67f3a181f93b005c8
SSDEEP

24576:z1ccJyOuz1RXkaj0obe8ArtVgsK9wNRmBML2OfBjsz:zmcYnXLw/8A0yRmBgHBsz

Score

10^/10

formbook nquy discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

nquy

Decoy

a3sidprVANFTG0llIjdA

amYQhcIbS9blLB0=

GOqH7AZQZTYBOB8vWeHGwCVnUw==

kp1yw+EwVCesxslPY5gtZ2aiBcRa

zV/0O1+y47mCh6+5

uX0OU3R898WRBa/Rog==

6val8whPkGM9wuxTFGNI

ozzlSYzyF/XOgNSKG5fsoNYzkk+pxgDF

sHo2h6PuHfFwtOdTFGNI

xZ54yOceUB/thMxtzhp4wCVnUw==

s4pIou5HdD3C1snrARcqXw==

jiOqEVW81qEjTIs5ouY+1hZ3MGvCJg==

Nga3BkamwZ4gVmz0fb5KkYs=

DNeA3Bp8vJpd8VPogb5KkYs=

tbZjsdPoeu0sRcPUqA==

RToES3S3EqV3+g2XLLtFzOHPMXwE7JvN

+c+C3eYzcETJ8hehDlIno5I=

3KE0kK71Hf/ODgNTFGNI

MPrCqTAJbjGx

fkXl/0uKuIgIDPB+aeTYSA==

Targets

- Target
  
  ORDER NO VOL- 6542 335 22.exe
- Size
  
  1.0MB
- MD5
  
  d59478fd8ef62d1006e85001c3ac59f3
- SHA1
  
  aaf63576f5f1f412547c51bee18f88deeb06d36a
- SHA256
  
  af9c39c609e5cda424ed4cd2fbe7f32c0d9d2936754d41c098a7dec269c42fd2
- SHA512
  
  7184b20f299cf019d9a8f260fc8fd135b7e5b558a4e4061b10f2930a80949aef67de2bd9293770585cef7a677fdacef69cbaa61a688905118c717d4ced98999c
- SSDEEP
  
  24576:E1RcJw0mlJ5noiNiGLU8GXplgs8PErrmDgvqOR:Ezc6jnvQr8GQormDIjR
Score

10^/10

formbook nquy discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooknquydiscoveryratspywarestealertrojan

behavioral2

formbooknquydiscoveryratspywarestealertrojan