formbook | 0b36d66a0df438fbf3bc712b6c55d8aefa42139d4c95b92d7ca72e3cf8dedb7c | Triage

Submit
Reports

Overview

overview

Static

static

1

0b36d66a0d...7c.exe

windows7_x64

0b36d66a0d...7c.exe

windows10_x64

Sharing

General

Target

0b36d66a0df438fbf3bc712b6c55d8aefa42139d4c95b92d7ca72e3cf8dedb7c
Size

823KB
Sample

210504-bgvbwrzlh2
MD5

044b98a3ce8315a0b0cd8e7ebe61f7e0
SHA1

d350a93f2a44ca872e2efba0032eb33490c874c0
SHA256

0b36d66a0df438fbf3bc712b6c55d8aefa42139d4c95b92d7ca72e3cf8dedb7c
SHA512

16f686455dda18b7c088dd06d7cbd6ed1efd7dd382f13c7e2fbc76e0d996b1525e8dc32d599fc1ff678661b8c96484196b33b731472134e93b6fceba673d9854

Score

10^/10

formbook persistence rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

0b36d66a0df438fbf3bc712b6c55d8aefa42139d4c95b92d7ca72e3cf8dedb7c.exe

Resource

win7v20210408

formbook persistence rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0b36d66a0df438fbf3bc712b6c55d8aefa42139d4c95b92d7ca72e3cf8dedb7c.exe

Resource

win10v20210408

formbook persistence rat spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

3.9

C2

http://www.nyoxibwer.com/a8c/

Decoy

kesslergroupinternational.net

elcarretazo.com

livbim.info

thamxop.net

abitur.expert

cidavidjoy.com

digitalkarwaan.com

hcave.com

foundbyjack.com

servicarpasjc.com

giaotrinh24h.com

ladasno.com

harrisxn.com

bestbtccasinos.info

australianflying.com

louboutinshoes.site

taohaomi.net

s5league-europe.com

lizhongysw.com

imizuspotsboxboxinggym.com

monterroportal.com

omegaadvisory.info

globaldigitalprohub.com

rocketradiolegends.com

botafogousa.com

lefthandchurch.com

10-2johnsonstreetnorthcote.com

646frj.faith

chinalihe.com

cttexpresso292738.site

uncoveredforums.com

torpedo-ab.com

merchantlightingconsultants.com

llfireworks.com

champa-chameli.com

costus-marin.com

hecvision.com

drgrsdgrr.com

aussieducation.com

zulufaces.com

sdoykz.com

digitalmarketingpartnerz.com

margaretbialis.com

qiehao.online

thinkingcustard.com

emerya.win

junenng-zh.com

xn--0lq70ehybmwhzx1h.com

mbchurch.live

catcurios.com

waisttrainner.com

tragedel.com

4e73.com

chasingsdgs.com

michaelboydatlanta.com

thubnailseries.com

wanli118.com

wongelectric.net

gydsyj.com

onesquare-trust.com

wlqp55.com

cbmissionfund.com

allianxgroup.com

blessedladyoutlet.com

Targets

- Target
  
  0b36d66a0df438fbf3bc712b6c55d8aefa42139d4c95b92d7ca72e3cf8dedb7c
- Size
  
  823KB
- MD5
  
  044b98a3ce8315a0b0cd8e7ebe61f7e0
- SHA1
  
  d350a93f2a44ca872e2efba0032eb33490c874c0
- SHA256
  
  0b36d66a0df438fbf3bc712b6c55d8aefa42139d4c95b92d7ca72e3cf8dedb7c
- SHA512
  
  16f686455dda18b7c088dd06d7cbd6ed1efd7dd382f13c7e2fbc76e0d996b1525e8dc32d599fc1ff678661b8c96484196b33b731472134e93b6fceba673d9854
Score

10^/10

formbook persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookpersistenceratspywarestealertrojan

behavioral2

formbookpersistenceratspywarestealertrojan

© 2018-2024

Terms | Privacy