formbook | 739a7a2cd1b3799605d3d7ded9fc159d74b20b9b5b8bfb46fd870d93fa825a49 | Triage

Sharing

General

Target

JaffaCakes118_739a7a2cd1b3799605d3d7ded9fc159d74b20b9b5b8bfb46fd870d93fa825a49
Size

481KB
Sample

241226-zcnccsypfq
MD5

f42c42fbdb40cdd4e3bb6e439fa98a9f
SHA1

7ac759da83f9b3d3151b975c06146e5aee8b7905
SHA256

739a7a2cd1b3799605d3d7ded9fc159d74b20b9b5b8bfb46fd870d93fa825a49
SHA512

cfe2b8cc2f788b46c3b1e2065504af5f0af87d331e6b44e335f6c5097e68700fa52a898aff32375378c0edbdd5509b54568bf21f7a87b9c9ca43b4ead53e36d4
SSDEEP

12288:yNbkKb4z4fywoc+D5QSRCfdfO//tpscEqUId+sO:ukg7vO596M//tpm5sO

Score

10^/10

formbook sqxs discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sqxs

Decoy

creid-network.com

dinningatcastlehill.com

fundadilla.com

fashionmdeasy.com

magentos6.com

pushpartybdp.com

streamingnetwork.xyz

sevenredwalls.com

hsuehsun.space

leanbirthdaycake.com

rocketmortgagedeceit.com

cashflowdb.com

smilebringerdesign.com

naomicoleclinic.com

wingsforklift.com

newsounding.com

48hrbusinessrescue.pro

101osthoff456.com

attleticgreens.com

xx233.xyz

Targets

- Target
  
  Nov.pdf.exe
- Size
  
  634KB
- MD5
  
  406a8800ac851d7591b9faa57c7a540a
- SHA1
  
  62df23d861119dae068567ed47259c44a9121064
- SHA256
  
  714c331c290a9293ff62b5ef61add6cdc8d33043b2290c4e422f18ade08a513a
- SHA512
  
  51e74669a8e11ac12409a61828d283747e20b9f439db9da158232a44c7ca9aff6d2aafa8506791566e03df44c36251b612daa9a8dd0eebeadc6ee338ed2a3ffa
- SSDEEP
  
  12288:WBpCdKYpMlSGbv567mWTWwwjENXl+6vkMFfVIQZWaxyc0d1is:MMQYCSGb5cmqfwj61MMFfVIcycA4
Score

10^/10

formbook sqxs discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooksqxsdiscoveryratspywarestealertrojan

behavioral2

formbooksqxsdiscoveryratspywarestealertrojan