formbook

General

Target

JaffaCakes118_cef37f3296f9a9d61a760a045c5ac55bd1110fee4ee9827aced0069981bc0dbe
Size

247KB
Sample

241229-an6kmswqdl
MD5

7b70487fbcdc0a559ce22129ba8858bf
SHA1

2b61e99327624fb3604d37687dfd4e5973243d69
SHA256

cef37f3296f9a9d61a760a045c5ac55bd1110fee4ee9827aced0069981bc0dbe
SHA512

0877f2375b7405f0d980f3fa58854a6e1566ab9d559a7537d4953efb5ae34b30d1dd5d256d03384edf3888fedfcfb2a6dfbcad549358de5a0b93e231250e81ed
SSDEEP

6144:0NcWzdsGNMijdbU0Svorot99x9gA2NHHk7+dkTLhnAZ:6cWj7NcDb9NBW

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

tsuz

Decoy

7xznvXjpgziXgKV2gqDW

v7D1tLx/XXVj4TTJXNA=

Kksd/nV8o/fgptkq+1ql6A==

vJOH8u8W1nXX

iJ+tj7iKjquTOKxx/3r8KiNc63xxRA==

5xTbq0yL85f2O8soEE0aWGxrjA==

b4/knWkfwQCByw==

AnrOservDq83Fw92/GiG7pk9VAzP

o7ULEGiFpFC6VQ15RtI=

pcuYY7Ei2ReJqmM=

kNvNtWa/SQJpV3t4NFw83Ea4URzU

eGmxllMUuHzf

xwWU/I4R3RuT0A==

h4kM4poKqlXK9NCgTs8=

HkWLW5J3hL6vF2MFgsnAa5N5kpHF

u+nKjgM7r0ewzdd2gqDW

XE4s8ioNHndqM2P+krcGi9g=

OoVuNLkVoUGpwd56GXTPATwOJycptRJwdg==

n5cbiNrqOcpcqGw=

1dve5llFRkJ333E=

Targets

- Target
  
  167f095c678aad5d26949f46d21bd2bc07744b09968d780e310484b42404580e
- Size
  
  260KB
- MD5
  
  c12a88137a0676ae55c4c77d5d4932d0
- SHA1
  
  2f1686c543ed90281fc983e95123e8f6c7a9dce9
- SHA256
  
  167f095c678aad5d26949f46d21bd2bc07744b09968d780e310484b42404580e
- SHA512
  
  d3a81c4aae6f5863ed368648f0440f75397e3f2ac60c507f37b58250db42dcf192ba701b0cfb10d98b1bd98d9785761ad37c803a4b2837e45e77df3fc6c86a63
- SSDEEP
  
  6144:HNeZmwzYdsGNMiVdbU0Qvoro999xhgA2NhHk7+dkTLhuAT:HNl97LGDrhJBr
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  hgwblnwgct.exe
- Size
  
  74KB
- MD5
  
  4111e78e1b2f65a6c9cde6a549d337d9
- SHA1
  
  f3ab87fc6678f1f6f676fa3243dedb0728832dbc
- SHA256
  
  d45f7a637f385cac3c1b519a702d02fbf8d0bbfb883f87454ba352a4fec32bf4
- SHA512
  
  9c7cdefd0b3712210a1bd31df9306fe1cb371b242dd2c45d3f7365d7e202a046733e8b2645f41f7dd30149f6a12b1687442778fc0abe72c94b6f1958bf1719ec
- SSDEEP
  
  1536:dntSyjW68naQx9cSiWrX4ezsfNZPGMNftEdt8vklJssWXcdZpkBa:X8nDx9PJzsfNZPGMNfORlhZpkBa
Score

10^/10

formbook tsuz discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Loads dropped DLL

Formbook family

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4