formbook | 9983298c20cfbf4d592ab49495ff623673003a942259bab634c3cdad4b918adf | Triage

Sharing

General

Target

JaffaCakes118_9983298c20cfbf4d592ab49495ff623673003a942259bab634c3cdad4b918adf
Size

350KB
Sample

241229-hxn1yswmar
MD5

bca54ddaa6881331c3dce1eb670477ff
SHA1

6b70135d4e61e7fe4239005a96cc17634d51d333
SHA256

9983298c20cfbf4d592ab49495ff623673003a942259bab634c3cdad4b918adf
SHA512

4563ab3ff898701cf5f6dbaf9a75ba9eaa2e6c2b388b570c581112cf883e4820df785ffe0c8f929c0a9b30d0c66091210f7bc687e0cddbfc0d2d1d2e90274c12
SSDEEP

6144:wvg33On65bSgyJe2MHFf1e55G2bENC0GdjpZw1XgTEHBTX84D:BeMgJClwiaEON61XgQHBTX84D

Score

10^/10

formbook dv9n discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dv9n

Decoy

nblvqing.com

delmegebuildingproducts.com

xiongba8.com

latuawebreputation.online

nowcloud.tech

cckghs.com

tradeoo.ltd

ppapo.com

tphoaphuongdo.club

whitefoxy.site

bottle-sentences.net

computersewa.com

lushberryholidays.com

motobotz.com

shadurj.com

amazonlexdeveloper.com

shunli178.xyz

sjzzlmh.com

6eu09rp.xyz

novinmes.com

Targets

- Target
  
  0791e8ab1ff5119cb4dedba8cbd260f6a163100eb60657cad11f494cb34bbc71.bin
- Size
  
  409KB
- MD5
  
  d7fd44db6ff7913a79d60eae65422594
- SHA1
  
  00bdf1e46cb1c7a9f0c2d2b354482213517f2c18
- SHA256
  
  0791e8ab1ff5119cb4dedba8cbd260f6a163100eb60657cad11f494cb34bbc71
- SHA512
  
  b18ffc00c0b5c3e07554d846aa6ed3c99913f81fee441c09db54f77ec717a4161bc447d47780d6a16558f0e96757b1c5e98298dd994ca2ac4ed5531713114fa7
- SSDEEP
  
  6144:IzvmRaG/aq0YEYBJ6gjiOFuBt5a9LwNCKFYc/z3EHEle70IEU0rq/UiAY:IicGX0YHJ6gOp+LmCmz3EH1Ft/Uil
Score

10^/10

formbook dv9n discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookdv9ndiscoveryratspywarestealertrojan

behavioral2

formbookdv9ndiscoveryratspywarestealertrojan