formbook | 5c4d696c5d8860aaad5df1ea26dba5717fafd8edcb4c3c5acb2991ac467f0f61 | Triage

Sharing

General

Target

JaffaCakes118_5c4d696c5d8860aaad5df1ea26dba5717fafd8edcb4c3c5acb2991ac467f0f61
Size

269KB
Sample

241226-yfrnhsxjfm
MD5

bfec772ad8acb4a041c865a7780f48e2
SHA1

b959f17f2a88928715d80b0720c47b4788768137
SHA256

5c4d696c5d8860aaad5df1ea26dba5717fafd8edcb4c3c5acb2991ac467f0f61
SHA512

86e0b0636e7181eed4c3ebc0d4c839d13fcac4adc2151b70f5a30aae0e20801c750e10dade622411ce043dce256ecb4e1c08219fea0c9833c25ddc6100d5558e
SSDEEP

6144:2l62sPPDNmAmNHBrZ71C+DimNRKd0cUgmYYa+Wzzs/+Wlh905Jb9:sXkrmNHDs+DimNAIOYa+xS5Jb9

Score

10^/10

formbook rhk defense_evasion discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rhk

Decoy

decodemethod.com

mamakeyfim.xyz

3smokers.com

rentaspendirect.com

projectstasksjobs.com

animedesignetees.com

ursthegardennurse.com

sunandmoonshirts.com

encuentros-es.com

nevadahomebirth.com

xoxoplants.com

tentenos.com

anhpham.net

beyondtourney.com

surfficient.com

wannahavedays.online

hmyhvgxax.icu

holisticskincarecompany.com

juggfuckers.com

ixgrmz.com

Targets

- Target
  
  SWIFT COPY.bin
- Size
  
  491KB
- MD5
  
  1e83fcc22cccdab1b97887b371f4b8d4
- SHA1
  
  1f2ae9417601ffea6c57643a7b56e78b50c8cb2d
- SHA256
  
  ba2bf5801650d3b1efe26350bdca102f606dc7622ad4908c414789ef5c0f24b3
- SHA512
  
  f5b2fa7f380d3deabc4fe346704f8689ba8b64962080aee843c346c44b98a059db743aacb301725b22c6a7dcc34c3f5810baadaed7e6e880e8bfaa7ac1fcb29d
- SSDEEP
  
  6144:a8mQxbxKRcW/+sbJT4nwWQjqsV0KdYetrjstIoT5GWeuWiKASr:a8mqbx1C+6inwWQjLr2moToWaiW
Score

10^/10

formbook rhk defense_evasion discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookrhkdefense_evasiondiscoveryratspywarestealertrojan

behavioral2

formbookrhkdefense_evasiondiscoveryratspywarestealertrojan