formbook | 09c9a87a24ffd436df9cbe40a9caeaa04e947c029e6a8a9780d7a16e90ce073d | Triage

Sharing

General

Target

JaffaCakes118_09c9a87a24ffd436df9cbe40a9caeaa04e947c029e6a8a9780d7a16e90ce073d
Size

434KB
Sample

241230-2ertnsvkes
MD5

2605a10aa4d9ef3c3fd42f836a90726f
SHA1

333a60ffea04beb552cf9a61e4f3618c1e516db3
SHA256

09c9a87a24ffd436df9cbe40a9caeaa04e947c029e6a8a9780d7a16e90ce073d
SHA512

e72cbe81e6feb2e770883c8d6ec9bf08cc4085e09c8cee7abf854830ce488c958b9a3c93a07056d2f17c1dc468519d70387fe43337dde3719c3b68a464574f76
SSDEEP

12288:PsLOCXrgHDIoOGwnTijD3pjJ4x4vsZ4SOdHQ56wz:Pm77KIbGwn2jhJWVGLHQDz

Score

10^/10

formbook de08 discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

de08

Decoy

retirecloudyyard.com

fabiyan.xyz

chrisarlyde.com

selapex.com

vivalosgales.com

specialty-medicine.com

contasesolucoes.com

satunusanews.net

allyibc.com

alameda1876.com

artofdala.com

yukoidusp.xyz

steeldrumbandnearme.com

stonewedgetechnology.com

kentonai.com

macquarie-private.com

ddgwy.com

megagreenhousekits.com

descomplicaomarketing.com

inclusiverealtor.com

Targets

- Target
  
  ORDEN DE COMPRA URGENTE pdf hjk.bin
- Size
  
  577KB
- MD5
  
  a66ac03d7eba955eb333287291e4a24f
- SHA1
  
  0eb687b7d0fd4d282caebbeae42bf744df7907ae
- SHA256
  
  6bf2f4d58a837d790e914f36b0056e955c35ea5571d5a758b0e0f052e8b4294f
- SHA512
  
  c076903a48d9965d7fc97cbc8606f4fd50c9eb7477794991efc519393d720f4d54765d22b0e366e0efbcbbe68b3fe915e8f43847f263683b64af902dc4bba525
- SSDEEP
  
  12288:oXwQXxqmIL0WCuZvtjIsIlxQPtVEZ9nYc5Gy7RjallylSx1o:obBq0TuZvysIlejU99oy7Rjm
Score

10^/10

formbook de08 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookde08discoveryratspywarestealertrojan

behavioral2

formbookde08discoveryratspywarestealertrojan