formbook | 34ec91026f270416b178eca1ec533d99c72419d00e2fe364ba7a44c82dbf66f9 | Triage

Sharing

General

Target

JaffaCakes118_34ec91026f270416b178eca1ec533d99c72419d00e2fe364ba7a44c82dbf66f9
Size

824KB
Sample

241225-dcqltswjdq
MD5

b4cbc191869079e78611f617a149eb06
SHA1

cef70a199173be3d2b0fbbdee73cd9f4b153f007
SHA256

34ec91026f270416b178eca1ec533d99c72419d00e2fe364ba7a44c82dbf66f9
SHA512

180bd0b814f0975b9b2717fbf8cd67d04e3eb814f5d9c8720944f56f03ccb94e1015bd90b2d4481f9330422deabf89edbbd982f100bbca9c7d101247a0e6b28c
SSDEEP

12288:AtNdiDFzTH2zNKaINKKzX1nYkbpUfzBiDopEDRuz1CludMHRg5K1LfWwjwzseCNh:AtjAzo36jpsoU2WC02xwULOwMzTgcC

Score

10^/10

formbook tz8t discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

tz8t

Decoy

NFk7MP6QpDFJEJrVpUy0

GEMrXu+Hnm9IKFxy

IT8gJF3/gCxP

7dtVECE6S0wDp06OGg==

kzuhI3D1M9lFyzWhFA==

UVGjAr/aAiVEBPtKKrIHS8c=

LUoV7DnQCbhftSNxAa/sb9o=

gBXNjrxhyASzXx9kAw==

6o0Vl1R+tXIKX8MLl075wvb+

wWleMnYYLapbM/cZKrIHS8c=

mxcAPMpdoFgFWMnluG7HiA==

Lc8s0dmxDB7HJA==

fNexBb7nimQMfDM=

/wFu2LTK4fCH1sEQoIB5gwZYMbig

9ZsAf01ejq1YOX+fR9iK7DQUpO65

kk66JPP8RtSC3lTXoWfy8W8RpInmvB3fWg==

y//p1p2nIgC2Ig==

6csYfkRRU1wPp06OGg==

OjvSTCtGd5JAKOFmIMGghg==

Cr/W0C7J+w5GXx9kAw==

Targets

- Target
  
  PO.41022.pdf.exe
- Size
  
  1.1MB
- MD5
  
  611cac35588e905fd549327d435c80fb
- SHA1
  
  f6871a3d076f654bd444ddb5b463ae59751c2236
- SHA256
  
  714e4e1608cc5486e6ebbb112c3dda90ce2398d346539ef636adb31d5268ee58
- SHA512
  
  2a947a119e143898dafae97eb353bdb18b192a27bcc1fdc224c3960e234fc4a29bdc0606cc53006eca3315665af072bba9542b0858a19b2dc7b20a3d7633fbe6
- SSDEEP
  
  12288:sfaK4HTNwJ8KROwE4n332sIxfc3jnTVtjtTLnDTOBPtJ/WzAw+HUzPIvuUa6XyGx:IBFF2sJznT7tfXODJxt0zgWyzWhj
Score

10^/10

formbook tz8t discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooktz8tdiscoveryratspywarestealertrojan

behavioral2

formbooktz8tdiscoveryratspywarestealertrojan