formbook | 6d6ed63e357100a38b5bb4f4a256be07e34960bf25dbf0cc7d8f6b66e06d2df3 | Triage

Sharing

General

Target

JaffaCakes118_8c0ee1047417c73e05ff20905963357e
Size

830KB
Sample

250105-e966hstqdr
MD5

8c0ee1047417c73e05ff20905963357e
SHA1

4870480c602168a6b0d5572810ca7289107df0d9
SHA256

6d6ed63e357100a38b5bb4f4a256be07e34960bf25dbf0cc7d8f6b66e06d2df3
SHA512

7005b8ffcb3837deb0f4e238ae60d8037c83e12d4b3e911efaba6d414e6c52deeef4cf2b8bf26bec2e720edd870ba2d4570a6ad92ce40db0037efac2b0c4c41e
SSDEEP

24576:TLnGQYTq2UThCPIrkZZAF4tDc0eYOsUjzR:fxYT9/AkHAOtPWsazR

Score

10^/10

formbook cb2k discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cb2k

Decoy

prets-personnels-faciles-1.com

lavandica.com

855goldenpark.com

ebrandschool.com

annielaineinspirations.com

tuscumbiadivorceattorney.com

lovarebanwgt74.xyz

car-plus.info

fireloops.net

psychtechsolutions.com

didubreak.com

cursodesigndesobrancelhas.com

berrymyrick.com

visit-croatia-now.com

chamonix-cars.club

1679tnpnd01uzznpvfu8795.com

noisedelayrecovery.com

sergiotimoteo.com

lplc.cloud

ppezjo.com

Targets

- Target
  
  JaffaCakes118_8c0ee1047417c73e05ff20905963357e
- Size
  
  830KB
- MD5
  
  8c0ee1047417c73e05ff20905963357e
- SHA1
  
  4870480c602168a6b0d5572810ca7289107df0d9
- SHA256
  
  6d6ed63e357100a38b5bb4f4a256be07e34960bf25dbf0cc7d8f6b66e06d2df3
- SHA512
  
  7005b8ffcb3837deb0f4e238ae60d8037c83e12d4b3e911efaba6d414e6c52deeef4cf2b8bf26bec2e720edd870ba2d4570a6ad92ce40db0037efac2b0c4c41e
- SSDEEP
  
  24576:TLnGQYTq2UThCPIrkZZAF4tDc0eYOsUjzR:fxYT9/AkHAOtPWsazR
Score

10^/10

formbook cb2k discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookcb2kdiscoveryratspywarestealertrojan

behavioral2

formbookcb2kdiscoveryratspywarestealertrojan