formbook

General

Target

5bf98d0b5924fad554baf44e116b4f40dec7faa71aca872451997b9832bc104f
Size

578KB
Sample

250210-pfkerssmgz
MD5

e720382993edaabed1d7b02cac45dfb0
SHA1

bbf202fa07fa86ae70cee77f7ed3f7881d8f2176
SHA256

5bf98d0b5924fad554baf44e116b4f40dec7faa71aca872451997b9832bc104f
SHA512

cc489c736ec4d792ff8539ec28c6bf32fc6200487f89b300b8ca61a0c48db45b28d9cf546ed3ccf41e4337cefe8264d3dfb39cc328d9c4ca2ce444059559f460
SSDEEP

12288:9GOVU3KFkvA6rPo1F7oXKNHuiPH+/xsVvRph3t2lBo:9Mtnrw0XKNHusamDh3CO

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

o10c

Decoy

regnancy-67873.bond

oppyworld.fun

oomoo.store

illyjolly.online

-avi.art

unisitri.net

unaid-jamshed.shop

ookcovers.xyz

estrated.xyz

rpa.club

4rcraft.online

litz.baby

lysiannails.art

commerce-69321.bond

rokidu.info

havuonvanthanh.store

hiteelephant.online

ghkp.shop

uabf.info

ynthesizerwf.store

Targets

- Target
  
  PO Contract pdf.exe
- Size
  
  769KB
- MD5
  
  e4c95a9654a8a1ffc9c2da8de3299258
- SHA1
  
  8c1e4834df81da77f7765ebc431750353a5bcf9d
- SHA256
  
  57a78347375504df5a96e64875a08d287088b2392a4d69e0357f0ede1895b172
- SHA512
  
  7795f7cf717691c3562d1852cbcf96bbbf58673665e77f256c17f0f5126fd3a41ec51483e16d32d40785a0ab5e61a7539ead7c2294803c38813f9cc1e383abdf
- SSDEEP
  
  12288:dMVUhEFIPAer9o1V7oXiNH6i5yFyMuU09Cq3InWoLZ/cRts:nPtr+gXiNH65d7Y3InWoLmRts
Score

10^/10

formbook o10c discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2