formbook | 9d1386eddd2a00f8d0450970fced6969aaeb4ab7e5da9fe46fd3423140681142 | Triage

Sharing

General

Target

JaffaCakes118_9d1386eddd2a00f8d0450970fced6969aaeb4ab7e5da9fe46fd3423140681142
Size

646KB
Sample

241228-3hgzbavrbj
MD5

20bcb109d815c8e47f3723bb0e6eb106
SHA1

5ae4b9ce49f7a5815eaf49f9842e642046b4a28e
SHA256

9d1386eddd2a00f8d0450970fced6969aaeb4ab7e5da9fe46fd3423140681142
SHA512

20b8fab0167a61996bea704a41ab5c4cb74d559496ed7614a34481c344e49b561d8869464eaee73c84b5f455995a98b07db6084e5f868ca10aebaf10be1468cb
SSDEEP

12288:5Qm84CYGrymNSiylxFAfquBjN2WGR999HPNlEhLKTGMBJbSRv1l143EKp:5X85Y1mNSD1GR9GDrHPoLuG+n3B

Score

10^/10

formbook gbwy discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gbwy

Decoy

fortnitegol.com

damoa.clinic

flifeunite.com

smacey.com

geekflare.host

teachflame.com

moneymakersclub.net

hollstore.com

virtual-box.cloud

electrojagat.com

lucianenergy.com

sagradha.net

bluehatcrypto.com

brandaotec.com

elisabeth-koblitz.com

miamielc-kuwait.com

juicedbikeszendesk.com

artesiansalt.com

avisena.net

homiesexuals.com

Targets

- Target
  
  TRNSF.bin
- Size
  
  1.1MB
- MD5
  
  fe9fba11b0354b03ec4374321cf5d7f2
- SHA1
  
  5e52cfbf1f5020337a2bfafe83881217df3869dd
- SHA256
  
  1fc7c86df7aa45224f6c8f4a94513663dfe77dc79603a0c1325736c376aa68e2
- SHA512
  
  41f9145b538668034d4812ac5cfc8020c59a9d905715b8370dfac6fde11ca613bb1a70c45819883244af81798b5370e3542001bda0bc783c7d1ff1a7160511d9
- SSDEEP
  
  12288:bmqWFHmsSSMPQipP5JG/UXU9l9SG8nB2A+WwWL5ED96ZaeAiMJVpQhoEp53UC:SRHHipHCUkVWB2hr+ED96ZyquEplU
Score

10^/10

formbook gbwy discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookgbwydiscoveryratspywarestealertrojan

behavioral2

formbookgbwydiscoveryratspywarestealertrojan