formbook | 4518e39cae8a580d388d0a729d38235d6324d4db1c596ad3db06d661131924b6 | Triage

Sharing

General

Target

JaffaCakes118_9bbdfbdfbfc6807ee9bae456d17987c6
Size

539KB
Sample

250105-ltq8pazqgz
MD5

9bbdfbdfbfc6807ee9bae456d17987c6
SHA1

23bd49f1432429fe862075af73af430d355b881b
SHA256

4518e39cae8a580d388d0a729d38235d6324d4db1c596ad3db06d661131924b6
SHA512

b6b69f44c9c110de07056babd9b897b0eb97e97d536fc2ce784a61db0f793c514354b5b521b2062582f4f5fd25f49da7adf9ce2b6d297a0ec2de23d094443498
SSDEEP

6144:YriM0yt1y1zw4Mt+KGqOY1Ks7nqOI38wWq/7PkI3mzXnqMMmiXmhDkZPAoYUl:3Mkzc0B1Y17nz083q/DkImn/pDkZodU

Score

10^/10

formbook g8ni discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g8ni

Decoy

nickmowat.com

garethjame.biz

colibrilift.com

vulnerabilitylabs.one

neuro-ai-web-ru.website

16mcnaestreetmooneeponds.com

bestofstmaarten.net

meditelier.com

ragnarduke.com

escueladecampo.com

vongtayvn.com

inmemoriamaan.com

yourpeoplemanager.com

r6-gytr.com

agreeablebeauty.com

snpconfirms.com

tribalurq.quest

purafuse.com

cisco-training-course.com

wery.top

Targets

- Target
  
  JaffaCakes118_9bbdfbdfbfc6807ee9bae456d17987c6
- Size
  
  539KB
- MD5
  
  9bbdfbdfbfc6807ee9bae456d17987c6
- SHA1
  
  23bd49f1432429fe862075af73af430d355b881b
- SHA256
  
  4518e39cae8a580d388d0a729d38235d6324d4db1c596ad3db06d661131924b6
- SHA512
  
  b6b69f44c9c110de07056babd9b897b0eb97e97d536fc2ce784a61db0f793c514354b5b521b2062582f4f5fd25f49da7adf9ce2b6d297a0ec2de23d094443498
- SSDEEP
  
  6144:YriM0yt1y1zw4Mt+KGqOY1Ks7nqOI38wWq/7PkI3mzXnqMMmiXmhDkZPAoYUl:3Mkzc0B1Y17nz083q/DkImn/pDkZodU
Score

10^/10

formbook g8ni discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookg8nidiscoveryratspywarestealertrojan

behavioral2

formbookg8nidiscoveryratspywarestealertrojan