formbook | 13c2e846638381446a4ec491de6e5b979b1b8a755971e1181631c3c6b6c1967f | Triage

Sharing

General

Target

JaffaCakes118_13c2e846638381446a4ec491de6e5b979b1b8a755971e1181631c3c6b6c1967f
Size

701KB
Sample

241225-bf6fcaspez
MD5

82498c28c229ba457e1993cde249ba4f
SHA1

a51fdcdcc6e50faa6ead3b6221bbd8f8194228c6
SHA256

13c2e846638381446a4ec491de6e5b979b1b8a755971e1181631c3c6b6c1967f
SHA512

b25d450cdc685435536af554c09702e8b600ded7c29605b9a8cdd42180244971e12b4006af2ec49f587823bc3e0e5df2d2fe00c50bd1d1480f3d25f5ce78dc2e
SSDEEP

12288:yd+4TlqCsbJ4Y+VZx6hYx18/Z9/R65ZVi3dRYm4Lw9VXuUrFJ:CFIF49ZUYgR6Bi3/ELw9VeAFJ

Score

10^/10

formbook sqxs discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sqxs

Decoy

creid-network.com

dinningatcastlehill.com

fundadilla.com

fashionmdeasy.com

magentos6.com

pushpartybdp.com

streamingnetwork.xyz

sevenredwalls.com

hsuehsun.space

leanbirthdaycake.com

rocketmortgagedeceit.com

cashflowdb.com

smilebringerdesign.com

naomicoleclinic.com

wingsforklift.com

newsounding.com

48hrbusinessrescue.pro

101osthoff456.com

attleticgreens.com

xx233.xyz

Targets

- Target
  
  sample.exe
- Size
  
  845KB
- MD5
  
  0a0a91d81009e6f2543b365205d64cb8
- SHA1
  
  39cb4d0850b9d29661b53d62ddd47e3d085e8698
- SHA256
  
  b422b2744a87addbf9840dc44b5126379adfcf2a1e47bf6987e05616af4547d2
- SHA512
  
  da6e5672b21a523dcca1ad45f6b4a88d88db98503955d218d07e6a4522fe1e07c28fcf2b52c5a974ea77b7850dc44b6f4c3b91e19342dbf8ee84dc2fbbb8eeb9
- SSDEEP
  
  12288:A1d8c3QBT80DYfXPrk8C9p+AdiH6gZlrjP2V1Vsbw31o/r9rRWPZVmX1Vwm4Dw5z:10dZlo1uwSRWrmXHUDw53Q6F
Score

10^/10

formbook sqxs discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooksqxsdiscoveryratspywarestealertrojan

behavioral2

formbooksqxsdiscoveryratspywarestealertrojan