formbook | 8e99a425bb6eb53fd66d95f79b401a4dcf6747199e7047f0f728e8c91c251f2c | Triage

Sharing

General

Target

JaffaCakes118_8e99a425bb6eb53fd66d95f79b401a4dcf6747199e7047f0f728e8c91c251f2c
Size

610KB
Sample

241225-qpmrxstqfl
MD5

92f5de1b3d69cd26cf8755358baca330
SHA1

0b039831c99609096944a69ced2836ff6225b4ce
SHA256

8e99a425bb6eb53fd66d95f79b401a4dcf6747199e7047f0f728e8c91c251f2c
SHA512

49dae2c296064f6a816dd4606a9c4f422a965fc5a8a998a1574ba3079a521acb4b1b77c14ec13983959a9b600fb2caae4a9f60bc3b9dd668e0b638eff655fcf0
SSDEEP

12288:1qlNvlMg8T06A6sFuK2yoCkXXYbkFUa1E9RAkoouXcVStwTqcc5:klbcT0IMuKcjE2E91SCSK+5

Score

10^/10

formbook if60 discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

if60

Decoy

babyjames.space

dtjug.com

bhagteri.com

havplan.com

gentlesuccess.net

negativeminus.com

utesm.com

ngomen.online

abohemianeducation.com

hyper-quote.com

poseidonflooring.com

theshopdental.com

consumelocaloficial.com

tineue.com

traerpolio.com

somnambulantfarms.com

sugarhillclassiccars.com

brasseriedufayard.com

replacerglass.net

lazyguysmarketing.com

Targets

- Target
  
  d39ec2fb7fa07bb6886173571262d2324d96b6e879ccc4f2cea46ece183e576a
- Size
  
  812KB
- MD5
  
  8306a90a10e3fc42341768b333d3a957
- SHA1
  
  05bb69bb01e6aeb6b92bf09ad6ce194b4f2e748c
- SHA256
  
  d39ec2fb7fa07bb6886173571262d2324d96b6e879ccc4f2cea46ece183e576a
- SHA512
  
  99f7eaec1a895ef6933cd967d85d75dc36d3bd2b05a15fe2fa0e95558df8e58522fed4855e8e59948bfdece73ab9b957f68a58a47fffb8435656054922a4a7df
- SSDEEP
  
  12288:65MTdFUoSsmtiK5oyZ3+cGwkUp/0fciw99blihfJGJVR53squN:F1+FovcKLgbl2G1aLN
Score

10^/10

formbook if60 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookif60discoveryratspywarestealertrojan

behavioral2

formbookif60discoveryratspywarestealertrojan