formbook

General

Target

JaffaCakes118_5df89adb4ee77c297723f878efaa85ef584ef00f404e2fe76f9a4931ec9d8855
Size

986KB
Sample

241225-ra17favlfr
MD5

6506a5833f1a3c34053a760f70db0903
SHA1

2add4dd3f75b2dca8cf881b36e59ba8f36b6cbcc
SHA256

5df89adb4ee77c297723f878efaa85ef584ef00f404e2fe76f9a4931ec9d8855
SHA512

d26f121fc06dbb3207197cb36c4541a4db3ff3a3296870e419d5c3b1faca7086a765397901a7e96e1119c0aa9c71f5318211f80a42cbaf62cd9f18d7272c844e
SSDEEP

24576:Groou25lDoIW8djmxW5jGoS8ae2lKZRSIVojeXpSTm:GrooukgjxZ8ae2lyPuy

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

t01w

Decoy

yeluzishiyanshi.com

thehardtech.xyz

arrowheadk8.site

zaulkunutila.xyz

lookastro.net

congregorecruitment.co.uk

darcyboo.uk

collettesbet.net

ltgpd.com

hiddenapphq.net

haxtrl.online

esenbook.com

jxzyyx.com

ulvabuyout.xyz

instashop.life

vazra.top

ewdvatcuce4.top

zhishi68.com

fabricsandfashion.com

hootcaster.com

Targets

- Target
  
  textview466732.exe
- Size
  
  1.1MB
- MD5
  
  3a7e5d1f2647dd5b8db9b826116f4ec6
- SHA1
  
  85cdf938d50c68137dd6b344dfa54efb7236f486
- SHA256
  
  927d0ba12659ceffb9d3f45ad9eb34bc9f8a9b6931499cf08a2d94be0dbf8019
- SHA512
  
  5774393a5960b7fb3f63de19ee07b3c5803dd6164a746382014313121f3ce263be9a5122e38e0a83503d38e7eafa3328c325b7c26276c9e7b7ddad5fb5217d10
- SSDEEP
  
  24576:0AOcZ2i7OX8FbAQFred8TPwUcztVqEubl83o9ZkbgWf:ifAgdgPTWfqEUU2Zkt
Score

10^/10

formbook t01w discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2