formbook | 8a493236ca59271b4398d411e3a8f52149000a44958a25f754869978ee037e47 | Triage

Sharing

General

Target

JaffaCakes118_8a493236ca59271b4398d411e3a8f52149000a44958a25f754869978ee037e47
Size

1.1MB
Sample

241229-nb8q5azpaj
MD5

7cc48e196a4e4cd32f59b169a9f04dae
SHA1

939025c36872b449fbdfcf935693ef36dc96f6ed
SHA256

8a493236ca59271b4398d411e3a8f52149000a44958a25f754869978ee037e47
SHA512

60419f92225911f9695d06f77abd2936f5ba1716208503112d537b31bceb608094547ba90d655daeb8ac223a6d4aa561c25120c8f1cb50d172fc44ddd0aca4cd
SSDEEP

24576:cC0J6sqEW0aWnbUSn8XRm9QehZWgmB29h1eJlKIpjt:cC0wsFnahS8XRm9NW8X4

Score

10^/10

formbook t01w discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

t01w

Decoy

yeluzishiyanshi.com

thehardtech.xyz

arrowheadk8.site

zaulkunutila.xyz

lookastro.net

congregorecruitment.co.uk

darcyboo.uk

collettesbet.net

ltgpd.com

hiddenapphq.net

haxtrl.online

esenbook.com

jxzyyx.com

ulvabuyout.xyz

instashop.life

vazra.top

ewdvatcuce4.top

zhishi68.com

fabricsandfashion.com

hootcaster.com

Targets

- Target
  
  DT0912.exe
- Size
  
  1.2MB
- MD5
  
  35605d52ce7729150f07f79a6d14a415
- SHA1
  
  f123414e65aef81242fa4cee2779de1a2a62d377
- SHA256
  
  7f5165dc64cbd376f256758989a91cf0600173d59f4384ad112a40dce8db530d
- SHA512
  
  20e14a0cb568d28d7d94ebbfa5a053fee8f547bc03b3c7888263d50f2438eed86d71959e8b0eb4d9b79c279fddc68cadc5da0e6be850f58fbbc497f3253b9ee2
- SSDEEP
  
  24576:iAOcZXp0TRXJFPJ0MK8WRyl/ZUkjPV99npuezy71oporahG:oFXPJ0MKzYhUkj9fZe6GJ
Score

10^/10

formbook t01w discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookt01wdiscoveryratspywarestealertrojan

behavioral2