formbook | 4e985458976378ce5866b7631c0bd0ecf259d246b3c9b7f6e12b144efcf855b8 | Triage

Sharing

General

Target

4e985458976378ce5866b7631c0bd0ecf259d246b3c9b7f6e12b144efcf855b8
Size

173KB
Sample

220118-vjxgdscbd9
MD5

26c5dc4002976b3b9ae49f2440929df4
SHA1

e43a8d51eacb148ed0cfa2d88b229bf212493eab
SHA256

4e985458976378ce5866b7631c0bd0ecf259d246b3c9b7f6e12b144efcf855b8
SHA512

a3789050060c85a77c48631ec7ab564d0244b49c4e513a388f7f2fbd57a1ad669ffa21b1c87a18daeb4655fe964906c92269dd461c18269fff4660adc5ef188d

Score

10^/10

formbook oh75 persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

oh75

Decoy

denizgidam.com

6cc06.com

charlottewaldburgzeil.com

medijanus.com

qingdaoyiersan.com

datcabilgisayar.xyz

111439d.com

xn--1ruo40k.com

wu6enxwcx5h3.xyz

vnscloud.net

brtka.xyz

showztime.com

promocoesdedezenbro.com

wokpy.com

chnowuk.online

rockshotscafe.com

pelrjy.com

nato-riness.com

feixiang-chem.com

thcoinexchange.com

Targets

- Target
  
  4e985458976378ce5866b7631c0bd0ecf259d246b3c9b7f6e12b144efcf855b8
- Size
  
  173KB
- MD5
  
  26c5dc4002976b3b9ae49f2440929df4
- SHA1
  
  e43a8d51eacb148ed0cfa2d88b229bf212493eab
- SHA256
  
  4e985458976378ce5866b7631c0bd0ecf259d246b3c9b7f6e12b144efcf855b8
- SHA512
  
  a3789050060c85a77c48631ec7ab564d0244b49c4e513a388f7f2fbd57a1ad669ffa21b1c87a18daeb4655fe964906c92269dd461c18269fff4660adc5ef188d
Score

10^/10

formbook oh75 persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookoh75persistenceratspywarestealertrojan