formbook | 6dfa80efaa115613c488b77eb4c28f7ebb4bf93c6f1c52d4485e4407cbac726a | Triage

Sharing

General

Target

BHYZIOPNB.zip
Size

673KB
Sample

250125-m6dzkazmfs
MD5

e7c62ade7f86f5a3558c53cb7ec9a2e4
SHA1

09332a9bd1b0b99e7708fd9b8f2df847f91c15aa
SHA256

6dfa80efaa115613c488b77eb4c28f7ebb4bf93c6f1c52d4485e4407cbac726a
SHA512

a1017ecead82a18a3fd10deee9a66b9988a42ef768554f5f00a6fb08b2fb81012a45493bd3fdbfc158d416c62b4602d8aea4e2ccde077a93607e13bfd7f38308
SSDEEP

12288:bhnZR5vvsslRR0bQHIqEiEMeHUM+5CiIfFkwZKo/e52NgZ3bKhruChH8F79lTs:bJfTDR0soql2HUMrZSwZbqZ3b4Glg

Score

10^/10

formbook pgnt discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

pgnt

Decoy

0WG18LbM4lR9iqMRa4nlBzTb

jcfGYzPgZTqFZVO9FV2yIw==

laIfrdSC8/4CNg==

Q73ilev5GIWuOrAAFV2yIw==

Q2u/pMw7pv4sPA==

TbqvIUHwlQscPo0HFV2yIw==

8PNWfGPyE8n0IQ==

WtgROxXzvY2L

PryaRBNjm4eP

Y9Hdi06Cry1um9Sj68YAu1o=

3Gulyp7CMQtR78jvLkk=

JJ3GasTVTCRQT6Tfz6S6GlI=

RnS42bhb9tI0R6UpD6wOxriNxw==

he1mi2sOGfzTRGHnuA==

eaYjCtjxVjdU5XLRtBMBLKk9quA=

k9rTeEqYzzw8WaTfz6S6GlI=

5luVQwe2vJWKEAiMdF4=

MGW14L9OVk5Y5TaR6w/DqdhYxXVY

mAsYz6k6sQkDC0/DoHj9t1RPWLSgFQ==

y5klhuMbE8n0IQ==

Targets

- Target
  
  BHYZIOPNB.exe
- Size
  
  855KB
- MD5
  
  1995c1e359856aaf53620ccff5d910ee
- SHA1
  
  e0250072098be31deee9729f5d1da5d9815f1d88
- SHA256
  
  09e1019a2424f76e3511d2224eb8e09a80b0400d571e0d0393d0cf33df603a9c
- SHA512
  
  8a5bb5afb3a98ddb839d8616465d2c16e38c7e108c0e12e00835716c177215511cb0339825a223e37046dd51a8540b4c74ce0012de745a12fa15b55f9eb58d61
- SSDEEP
  
  12288:6jjm/7QG8h3WX9GPlqmTG/HVuYSk2/YEZA3zzu0YzYzLJqTX:Ek7QTmYy/EYSZRZADz7pA
Score

10^/10

formbook pgnt discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookpgntdiscoveryratspywarestealertrojan