formbook | 228c95bb180523da48687125b28042a2c663819e627bfff839a18a35b22f0b4f | Triage

Sharing

General

Target

JaffaCakes118_228c95bb180523da48687125b28042a2c663819e627bfff839a18a35b22f0b4f
Size

407KB
Sample

241225-tvb46aylap
MD5

7c259ae343a6af73ad0a6b5f920c3f27
SHA1

bbfd2b5ef4ad68af64de477d506d00a023f58940
SHA256

228c95bb180523da48687125b28042a2c663819e627bfff839a18a35b22f0b4f
SHA512

db328ac84435a40b3e5198815d51544623795afa16cdf0433fa03265c98310fc6de94a4e3d24cbb5b9ee4a9aaf39465e31b7680f62101bacb85dba0d03a5b7d4
SSDEEP

12288:YbP64ODJy7J17bApb5yAgqaO5Ah8YQ9iHC:Yj6+7nnKgjqBWh8Y0iHC

Score

10^/10

formbook dxe discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dxe

Decoy

sardarfarm.com

959tremont.com

privat-livecam.net

ansel-homebakery.com

joysupermarket.com

peninsulamatchmakers.net

northsytyle.com

radioconexaoubermusic.com

relocatingrealtor.com

desyrnan.com

onlinehoortoestel.online

enpointe.online

rvvikings.com

paulpoirier.com

shitarpa.net

kerneis.net

rokitreach.com

essentiallygaia.com

prestiged.net

fuerzaagavera.com

Targets

- Target
  
  89f32b16d874afc972f69f0108ccd4b163427bd30d66f2ee07f0771ac0f47d54
- Size
  
  879KB
- MD5
  
  79dc6309e5428498138288258408ebec
- SHA1
  
  bd9b708b3743278df0a6c3a494dc8e3a0c89ed6a
- SHA256
  
  89f32b16d874afc972f69f0108ccd4b163427bd30d66f2ee07f0771ac0f47d54
- SHA512
  
  1b2d3b0dd1e7f43264ed0cd535b4095efbf3f635b988893556450d3d9654fb6d494f8626984d31b7605730c7ad1a8b38e0bcb1bb24ad8099c81e96c78e156ce4
- SSDEEP
  
  6144:KrNLru22ulz4ntAC/cl47K9jYhCioJHBqVBixGQX1PfBOeVOdvXhNuxD9JJYWU:QNG22u+Aq+sMhqV+GQpfFVOxXhNu3JJ
Score

10^/10

formbook dxe discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookdxediscoveryratspywarestealertrojan

behavioral2

formbookdxediscoveryratspywarestealertrojan