formbook | f86258665b68d70e83397ac4ef17598c552b994dd13f26b8208c4d40b8e94816 | Triage

Sharing

General

Target

Siparis onayi.09826272882.exe
Size

777KB
Sample

211014-l83v2aghc9
MD5

ec4945b27f81624b5293543cc03885e5
SHA1

98702dd3ae9571c627615d6cb7137156381d1886
SHA256

f86258665b68d70e83397ac4ef17598c552b994dd13f26b8208c4d40b8e94816
SHA512

70156ed777e9650e4a37ce8794df62b7b08852e331edd798c388430abc33616cc2f608b0a8c92295d97f87be3d31297c6e921946841d967c7254a98d30cd57f8

Score

10^/10

formbook bc3s persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bc3s

C2

http://www.topei-products.com/bc3s/

Decoy

anna-ng.com

mariangelamata.com

szqnbl.com

nesherguitars.com

mysekrit.com

againbeautyviensui.xyz

appf.life

bilalsolution.com

technoratii.com

11restoran.com

birthingly.com

crystalcarrillo.com

cohenasset.info

bunchofdesign.com

highstreetmag.com

talentkerning.com

outdoor-glassesadvice.com

aliceeety.com

habbuhot.info

pao91.com

Targets

- Target
  
  Siparis onayi.09826272882.exe
- Size
  
  777KB
- MD5
  
  ec4945b27f81624b5293543cc03885e5
- SHA1
  
  98702dd3ae9571c627615d6cb7137156381d1886
- SHA256
  
  f86258665b68d70e83397ac4ef17598c552b994dd13f26b8208c4d40b8e94816
- SHA512
  
  70156ed777e9650e4a37ce8794df62b7b08852e331edd798c388430abc33616cc2f608b0a8c92295d97f87be3d31297c6e921946841d967c7254a98d30cd57f8
Score

10^/10

formbook bc3s persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookbc3spersistenceratspywarestealertrojan

behavioral2

formbookbc3spersistenceratspywarestealertrojan