formbook | 1b39d6bf218028dfe7bc8254a3b1682804e9bf05b8298c708c318236f64ad986 | Triage

Submit
Reports

Overview

overview

Static

static

44696d2520...dc.exe

windows7_x64

44696d2520...dc.exe

windows10_x64

Sharing

General

Target

44696d252000850d3ea71d9ae238aedc
Size

1.0MB
Sample

210915-hlzcjsaab5
MD5

44696d252000850d3ea71d9ae238aedc
SHA1

1fb61a1df500f9025641526cb4013d555b129a84
SHA256

1b39d6bf218028dfe7bc8254a3b1682804e9bf05b8298c708c318236f64ad986
SHA512

e1115a0a70b6d532633c1c60733a2aebbdc9e14863deaec7f6e15604c20f9f3ce3d36132ec2b814a4c774b25a6c4c8ccad4003724b98abead2be3f752b9d6314

Score

10^/10

formbook vtkz evasion rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

44696d252000850d3ea71d9ae238aedc.exe

Resource

win7v20210408

formbook vtkz evasion rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

44696d252000850d3ea71d9ae238aedc.exe

Resource

win10-en

formbook vtkz evasion rat spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

vtkz

C2

http://www.luxuriousshoestop.com/vtkz/

Decoy

todaynewsbuzz.com

bootwish.com

michelleortegawrites.com

tutorialme.com

daretoplaygames.com

telefonepantalla.com

advisorsoncall.life

marketingloisirs.com

cremationmtzionil.com

lgbtsuccess.com

cassandrawind.com

globaltradepay.com

thecafeart.com

starmobilehome.com

ugotshot.com

c03eeniom.store

afcerd.com

eleyhexs.com

utmmarhitzfil.com

saudiisrael.com

avanzanegocio.com

round-n.com

marketingdestatus.com

hibiskushomos.site

ignitemyboiler.com

lyofio.com

appltimized.com

mhughescreative.com

bournesolutionsgroup.com

byhollyb.com

space-holder.com

hchgroupconstruction.com

datamaticsbsl.com

vrsgw.com

erectwaves.com

playlinedomino.xyz

home-secure24.com

hausofdeme.com

jessejamesammo.com

theadventuringsmiths.com

expertsenegal.com

curemelaser.com

phatsarasinghapanich.com

mysacredone.com

out-n-play.com

us-m-patpat.com

nihilichor.com

revistadominga.com

q6talkspod.com

hoteltubsurroundinstallers.com

endlesshealthdiet.com

activwr.com

kalashaddict.com

sbo2008.com

anigloo.com

funtolearnthai.com

eflea.world

camisetasretrodefutbol.com

ycxswh.com

bhavishyalabs.com

hustlerhost.com

villasantonio.com

hedwig1000.com

casasruralesencazorla.com

Targets

- Target
  
  44696d252000850d3ea71d9ae238aedc
- Size
  
  1.0MB
- MD5
  
  44696d252000850d3ea71d9ae238aedc
- SHA1
  
  1fb61a1df500f9025641526cb4013d555b129a84
- SHA256
  
  1b39d6bf218028dfe7bc8254a3b1682804e9bf05b8298c708c318236f64ad986
- SHA512
  
  e1115a0a70b6d532633c1c60733a2aebbdc9e14863deaec7f6e15604c20f9f3ce3d36132ec2b814a4c774b25a6c4c8ccad4003724b98abead2be3f752b9d6314
Score

10^/10

formbook vtkz evasion rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Turns off Windows Defender SpyNet reporting
  evasion
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Formbook Payload
  rat
- Looks for VirtualBox Guest Additions in registry
  evasion
- Nirsoft
- Executes dropped EXE
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Disabling Security Tools

Bypass User Account Control

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookvtkzevasionratspywarestealertrojan

behavioral2

formbookvtkzevasionratspywarestealertrojan

© 2018-2024

Terms | Privacy