formbook | 89a9e3f0f73595cce8c4e0539985e9b0c400f472b7d6662acbe4dba54c88f8f9 | Triage

Sharing

General

Target

JaffaCakes118_89a9e3f0f73595cce8c4e0539985e9b0c400f472b7d6662acbe4dba54c88f8f9
Size

701KB
Sample

241227-aw5y3swnh1
MD5

c53cace91fb501abc9e6986cffda2470
SHA1

372425d0d7102de31bd7454384ff222f5d87a5bb
SHA256

89a9e3f0f73595cce8c4e0539985e9b0c400f472b7d6662acbe4dba54c88f8f9
SHA512

cc724a5921500e9c480ee302cec151805e0f616493cece839aa351d2cd2a66af1c5b1603029af92f684346975eedefe1958bbb0676161dd52c6a565e2bdecc8d
SSDEEP

12288:sZ1NOW5VX3m1+Sx1lDcDIqg2BuUXPV3TU37M9p2L0eLAfyn+P6kBif2dzS0ZeP6w:sVnVHqx/+kMRmor2L0KF+NBiedzSj6w

Score

10^/10

formbook odse discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

odse

Decoy

braedlifestyle.com

morganjohnsondesign.online

surup-v48.club

diypoolpaint.sydney

v-b7026-ghhh.space

vetyvar.com

lollydaisy.com

campsitesurvival.com

autocalibre.com

fusiontech3d.com

xn--udkog0cvez259c82sa.xyz

eccentricartist.com

jc-zg.com

wacwin.com

livehealthychoice.com

visijuara.com

phigsa.com

sabayawork.com

afcerd.com

joeyshousesessions.com

Targets

- Target
  
  3cc61e3b10971812969457d5c2f23ddaffd81ba130c8b0a13614e81988891261
- Size
  
  919KB
- MD5
  
  fef7047ab5a223c930108b5b61e332bd
- SHA1
  
  25f25911db849bc152a097ecc3a5e46e5a4aa3d1
- SHA256
  
  3cc61e3b10971812969457d5c2f23ddaffd81ba130c8b0a13614e81988891261
- SHA512
  
  73ef3ff8bc916155b467de260dcd0f4484f1771dcfc2035bf5f80f855ce073b6e5b57c28810d7da0535c700579ce6bcc8cf3a22d983d7e22e7667dbd33b78f3b
- SSDEEP
  
  12288:fPDc9F3nC0Py3gAhmioPFg/Krib63eLojTLKvdgtaFs9Ab9h+tT1Oy3fRWCLWkbY:fQiQ1roS3XYdsYs9A63R7L4
Score

10^/10

formbook odse discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookodsediscoveryratspywarestealertrojan

behavioral2

formbookodsediscoveryratspywarestealertrojan