formbook | 49540bf783dec11edfad8cff91c53757987fa6f2c9b90af8aab6b1dd3cfc6b51 | Triage

Sharing

General

Target

JaffaCakes118_49540bf783dec11edfad8cff91c53757987fa6f2c9b90af8aab6b1dd3cfc6b51
Size

612KB
Sample

241226-wr2xhstqal
MD5

cdba60c0eca82aca9fdc5864c1a33b41
SHA1

09ceb6f50a52731906b41b236b434cf9e3795bdc
SHA256

49540bf783dec11edfad8cff91c53757987fa6f2c9b90af8aab6b1dd3cfc6b51
SHA512

48a868c11a7921234e8d32ef8163f5cf3b1de5af5ec192144c98bd90ac716d5b5a58a3390a96643b76f594fefd0f67c90e583cea00cbec0e87f4e5e90316b6df
SSDEEP

12288:e4uGKF+I6FV4kI8c6ZLuCD/s/cf50pJ1mkDdys1HgGLv91/7d:eXGq+p4SFNzzKpzmArHgU91zd

Score

10^/10

formbook fs8 discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fs8

Decoy

deanpalm.net

dinu-living.com

setsomegoals.com

craftyfresh.email

cleantons.com

szysjfjx.com

shestakova.info

70skinstore.com

ampletrade.ltd

cmmcwomen.group

michinoeki-taka.com

auntoni.com

huochegw.com

abovekulture.com

gzjige.com

americastandproudagain.com

hobbyhousekennels.com

1020waterviewdrive.com

5927399.com

gabipareras.net

Targets

- Target
  
  Ordem de Compra.exe
- Size
  
  823KB
- MD5
  
  bc14d13f1d7d4299cb07aff24b039b07
- SHA1
  
  91d3595692f85beb86cbd70f89c0327c1484d423
- SHA256
  
  03f5b9544b3bb2db290e54dfe203f425374d973ac225df52a7cb29adc7998726
- SHA512
  
  85081d8863bdbaf8ea7f85f9e69f0c8ea9d7aa3c6bd3f144f421b6ef86302c6ce5a6dd96e87dc95e4b4d7e581ff969c1d98854f6d0b5963d67dcfbad9edf3a47
- SSDEEP
  
  12288:hjLGEbvQe+5cZO6OCAq2iNoRLgIRLu8lVY+96xZXgOCxAumyVnQWiEyJTwVdRDJ9:hjt1KtL3lVYpxZXgOCxJHQttTwfN
Score

10^/10

formbook fs8 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookfs8discoveryratspywarestealertrojan

behavioral2

formbookfs8discoveryratspywarestealertrojan