formbook | a28314c9bf3aefd41c9bdaf8531d4516c0ca6ce4d269cda1dc992fac6e6f0c93 | Triage

Sharing

General

Target

JaffaCakes118_ae968eba5a26495706219fa2957255cd
Size

481KB
Sample

250105-tagh5syley
MD5

ae968eba5a26495706219fa2957255cd
SHA1

60e0a0b07e080896c96980409f419aecc9740f7b
SHA256

a28314c9bf3aefd41c9bdaf8531d4516c0ca6ce4d269cda1dc992fac6e6f0c93
SHA512

3da73a5af955f4731cb7386d755a2d9002c4c1ad1fbee8ff7004382c147fdf9bd8870db1b9eb1f19b16deb229dd45acd3b84bc8f9e95085dc7e99ba1b14a9a12
SSDEEP

6144:ukY2uQSJliuC3IR7izDC6q9v5bZeIjuQz1G77B1haL7JGKXGDvlCCmBzR7/BZ02w:uB2urJliuC4RSGHrUjfO/GTlCCmJ

Score

10^/10

formbook oy1n discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

oy1n

Decoy

tammiestakeyqynaxbsjxgt.com

whbx-sfgsge1009-xvsdf.xyz

0ass52.icu

alfer-creacions.com

jsscr5.icu

kclearyart.com

studioandric.com

2zem.online

convert-course.com

fonduesetdirect.com

pohonrambutan.com

dousujing.net

dizzydamesdesigns.com

sphetbiubr318-nifty.xyz

bolader.com

casaceramique.com

ugrza.tech

pakzak.com

mjrandsons.com

happyandrelaxedstore.com

Targets

- Target
  
  JaffaCakes118_ae968eba5a26495706219fa2957255cd
- Size
  
  481KB
- MD5
  
  ae968eba5a26495706219fa2957255cd
- SHA1
  
  60e0a0b07e080896c96980409f419aecc9740f7b
- SHA256
  
  a28314c9bf3aefd41c9bdaf8531d4516c0ca6ce4d269cda1dc992fac6e6f0c93
- SHA512
  
  3da73a5af955f4731cb7386d755a2d9002c4c1ad1fbee8ff7004382c147fdf9bd8870db1b9eb1f19b16deb229dd45acd3b84bc8f9e95085dc7e99ba1b14a9a12
- SSDEEP
  
  6144:ukY2uQSJliuC3IR7izDC6q9v5bZeIjuQz1G77B1haL7JGKXGDvlCCmBzR7/BZ02w:uB2urJliuC4RSGHrUjfO/GTlCCmJ
Score

10^/10

formbook oy1n discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookoy1ndiscoveryratspywarestealertrojan

behavioral2

formbookoy1ndiscoveryratspywarestealertrojan