formbook

General

Target

JaffaCakes118_9ffd8f5cd26f82289e8f54da8894460401044c0e8506a97a016bda281458d732
Size

243KB
Sample

241230-blws4asqhn
MD5

5514ef534e111eb4e6ad8b8617d1a5a2
SHA1

a71e3bc5f02331493e46467c3c399c2688f68985
SHA256

9ffd8f5cd26f82289e8f54da8894460401044c0e8506a97a016bda281458d732
SHA512

cb2505c2a3a4166571969c3fe72c98d6dc0c90004839e7c9d4032522490cc10dfe2ab5e9069dd2850cbb4bc67527d9ce53346b0a903daf9bdc3ddc6761bdf317
SSDEEP

6144:HowmKyAPpDV1SFQBF9yj7fve5uW+6VyuKd9aZ1:Iw7xMQBzKjW5uh7o

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

avcn

Decoy

iQqc+b5jHA+W

gCI4O82LSsNA9tLkneHk6qA=

3I2qv1ZVYff+1Eo=

1YmmfbWjsiHmYcYjSVTf

NBsHMXP19khOJt2KMTEHhw==

phGkJ+uyWGow/gNhAcfxpNU4GLuUgXFcOg==

76S4kOajAII72kw=

YuoJB0X0+/LJtxIjSVTf

dfwI3SsaGogqBAZ4xhUx4B2g+LiF8XoFNA==

DPZ6AvfogdqUiZUq5K+3Jqk=

hnICZyINthreqpPpaLz9gQ==

yVh1ZpxISCr6h8b+MA==

/8Tg3VE+R7A/Bte6oC7kz/g4mz8Ufa4=

Nb5SuHlc+kxwGO5Oig5THgechA==

/NLWvgr7IAXcxzuueX/s6wJXODEI

/niFcKdVbQHAqH2y

Gac4n4YyRhvRYuK6

RtRr4pSUsjjOu7qsuv9FFBTuiHQ=

u1p5bblp59M=

qmh/ZV4PTj/IiNezISd2YeWw

Targets

- Target
  
  Payment Advice - Advice Ref[A1RxGSqgxSF3] Priority payment Customer Ref[2000015497].bin
- Size
  
  258KB
- MD5
  
  1ec9c287f61dee3f7cee2dc216e8596f
- SHA1
  
  2ce2bc72b3245447687fddc717dbc087573e9422
- SHA256
  
  0112b086f601e1d8a6d10ce4e798dd5eaf379127cb99d5a4b4f44ec708457ffd
- SHA512
  
  74568e623eec50754c1a0cf3e2db27e120777f8c80a80df94fac6f106b5b43d7a8a0f9b5375f86bdbc8122d49eac2127bb9167f2e6a7d658f2e9302fe8ab69e5
- SSDEEP
  
  6144:mbE/HUba5PBYCt37k0AUck3UcrhNQxy7bjTRuFsC42TjKoagrM0:mb/aLPtLk9rkEcrkxey82TjKzyp
Score

10^/10

formbook avcn discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  yzoczjnuz.exe
- Size
  
  59KB
- MD5
  
  60ebe600e2d67c0877426dfd53be96d7
- SHA1
  
  83c0f3f77bec5df19f20ab0706ca736bd5e6e0d6
- SHA256
  
  fad978413cf6a36fbd03d3c96a5a08d0cf227e17710abddc06e73ae1913de648
- SHA512
  
  f0e2839211d84f2247a654f51ff07fe4c89f3d9ed71558e34479d8afe08aa9f606a65d1e53eaa0bea8287537de8f7e50427402f33a0339739b4dff7405a127eb
- SSDEEP
  
  1536:WgvtLu0ZssXg2J2m3K5n2ETMCZQsuyXn5QnQC:WACsPEvMCi32nCnQC
Score

10^/10

formbook avcn discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

Formbook

Formbook family

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4