formbook | 1cbe998f7bd486be77131f2ae65a73851ebb07daf542c5c15d0128b7c68ce497 | Triage

Sharing

General

Target

JaffaCakes118_07207b80e453c29721f41336ff7b6c7d
Size

578KB
Sample

250106-b3z7va1qgs
MD5

07207b80e453c29721f41336ff7b6c7d
SHA1

dc94e0bfda65e54e4aafd101572c901f34b30a57
SHA256

1cbe998f7bd486be77131f2ae65a73851ebb07daf542c5c15d0128b7c68ce497
SHA512

dd0942141f77fa5e6547981ed401f1c109aadc4fc575819d0d83953e5e50bec46b4a87fbf0f91f3080882592e585009564cd33e8cd70230f482e404bf9b4153c
SSDEEP

6144:VGxhLF2wIWKv70zC9zp39CsnvfQN130bXGuvHGC7fKSF1idc1jPhKbO:Ud2Xp70zCb3fnQUbWufGgfdmdc1j

Score

10^/10

formbook gd3e discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gd3e

Decoy

losfesdffewfdskokoka11.xyz

aspenroofingel.net

mlstrategygroup.com

breakaway.asia

gzmx3.com

dronesadvise.com

bitmain.discount

lifestylekenya.com

dragonfly-road.store

rumbaughrecruiting.com

tarimech.com

starmcb.com

xn--kfz-schlsseldienst-t6b.com

eqgiftshop.com

regionsi.com

bonsainer.com

guideofguardians.com

orlv7x.icu

xemnha100.com

thelupinlady.com

Targets

- Target
  
  JaffaCakes118_07207b80e453c29721f41336ff7b6c7d
- Size
  
  578KB
- MD5
  
  07207b80e453c29721f41336ff7b6c7d
- SHA1
  
  dc94e0bfda65e54e4aafd101572c901f34b30a57
- SHA256
  
  1cbe998f7bd486be77131f2ae65a73851ebb07daf542c5c15d0128b7c68ce497
- SHA512
  
  dd0942141f77fa5e6547981ed401f1c109aadc4fc575819d0d83953e5e50bec46b4a87fbf0f91f3080882592e585009564cd33e8cd70230f482e404bf9b4153c
- SSDEEP
  
  6144:VGxhLF2wIWKv70zC9zp39CsnvfQN130bXGuvHGC7fKSF1idc1jPhKbO:Ud2Xp70zCb3fnQUbWufGgfdmdc1j
Score

10^/10

formbook gd3e discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookgd3ediscoveryratspywarestealertrojan

behavioral2

formbookgd3ediscoveryratspywarestealertrojan