formbook

General

Target

JaffaCakes118_60e69b5308fc3a7233d5fb4379625a028234b0df6194a898b973897a92377b89
Size

1.0MB
Sample

241230-apw3la1phx
MD5

c7fa696ca9f1566aee6932fe1ff37460
SHA1

e2bb2b9c80d1042e232c407cc90884e85b1d8f2e
SHA256

60e69b5308fc3a7233d5fb4379625a028234b0df6194a898b973897a92377b89
SHA512

e948c102a84476b95663ea64a29c21a6c28b100e7027d7ac4dc99b2eddab685bde2c4208a47636a16a863fbcc0283b5d2d024443a627a2492decc12058bfcb77
SSDEEP

24576:x078pPTHMVJtyMHkT/WA3SyKg4qt/5QTVyeGYwEG4UrBmKoIrw:x0SDuysk9VthQTwYwEOKb

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mn21

Decoy

h3k38c.icu

qbfstopp.com

butalip.xyz

hanghang.club

relativemotionsuspension.com

bjddjyfdc.com

patrichard.com

filyacat.com

mothertukker.co.uk

riescodesign.com

afierypulse.com

supplypartners.biz

ekkogroupmoment.com

ivnocup.com

lycyjzx.com

elbuensamaritanoinc.com

forzel.com

mykedairuncit.com

usuariosconsultasnet.store

idaparry.cfd

Targets

- Target
  
  1102670247.exe
- Size
  
  1.2MB
- MD5
  
  698a3a3a5cbec27c26d77863e3d92d28
- SHA1
  
  ea49431ca823990a6a50c50a183a78a24b4c163b
- SHA256
  
  c8dbe8b8a92f18c8361b78167dd1f079d5d41b3a2e48065aad717ab07fc62027
- SHA512
  
  4859433c22450025831b750f26e8e584bea8ffdf07b4a59075585e134197f8b82768a9d37a0449ac5a33adda5dd39fa632d1db9ae2ebd8a6d47f9de1b9a42ec2
- SSDEEP
  
  24576:UAOcZXcxP6qa5JWwElvJpUNsUCl/NzyyRiP6n4G7/AybB6Tq2HR:CHF4JWw6vfjK6F7LdgRR
Score

10^/10

formbook mn21 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2