formbook | 2d40f472fa610ec9068b1bb4d057ca2293e2389fe7915acd2237b6df85e9b6b3 | Triage

Submit
Reports

Overview

overview

Static

static

dce983778e...f2.exe

windows7_x64

dce983778e...f2.exe

windows10_x64

Sharing

General

Target

dce983778e604b799e0470fd69e833f2
Size

174KB
Sample

220121-xkskyabadl
MD5

dce983778e604b799e0470fd69e833f2
SHA1

b97b22599b0b87bab09f24a7531c89d4cf35f5c2
SHA256

2d40f472fa610ec9068b1bb4d057ca2293e2389fe7915acd2237b6df85e9b6b3
SHA512

bac7da0e8730d35e1c160c22e578c93f70a7d75cf700874b8ab485b3c0056848e6c39ebe19f8dafe19dd8b379b4fb655c974593782a1a181172a735ca88a5416

Score

10^/10

formbook oh75 persistence rat spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

dce983778e604b799e0470fd69e833f2.exe

Resource

win7-en-20211208

formbook oh75 persistence rat spyware stealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

dce983778e604b799e0470fd69e833f2.exe

Resource

win10-en-20211208

formbook oh75 persistence rat spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

oh75

Decoy

denizgidam.com

6cc06.com

charlottewaldburgzeil.com

medijanus.com

qingdaoyiersan.com

datcabilgisayar.xyz

111439d.com

xn--1ruo40k.com

wu6enxwcx5h3.xyz

vnscloud.net

brtka.xyz

showztime.com

promocoesdedezenbro.com

wokpy.com

chnowuk.online

rockshotscafe.com

pelrjy.com

nato-riness.com

feixiang-chem.com

thcoinexchange.com

fuelrescuereponse.com

digitaltunic.com

cellefill.com

paulbau.com

camillebeckman.xyz

ilico-media.com

603sa.com

firstechfedcu.com

koreaglp.com

thebeardedbrocksblends.com

musumeya-kotora.com

tocoteacanada.com

travelwitharden.com

diversamenteclinica.com

bw613.com

qe46.com

spectrumelectrolysis.com

maloyenterprises.com

inovasyon.xyz

remijoe.com

petsgallie.com

metagiphydownload.online

tigerdieect.com

jamedomp.com

peninsularbottling.com

1383fx.com

pandeymasala.online

spoilnet.com

itweu.com

ankxbi.icu

lm-safe-keepingyuchand92.xyz

dreamdsjoceo.com

providentview.com

newchinafortpayne.com

wu6bvnrlz4ra.xyz

intrasvp.com

ghoul-ambrose.com

alltenexpress.com

oniray.com

sistemaparadrogaria.com

zeidrei514-nifty.xyz

excaliburteacher.com

jennyandsteven.com

zakcotransportationllc.com

wwwccsuresults.com

Targets

- Target
  
  dce983778e604b799e0470fd69e833f2
- Size
  
  174KB
- MD5
  
  dce983778e604b799e0470fd69e833f2
- SHA1
  
  b97b22599b0b87bab09f24a7531c89d4cf35f5c2
- SHA256
  
  2d40f472fa610ec9068b1bb4d057ca2293e2389fe7915acd2237b6df85e9b6b3
- SHA512
  
  bac7da0e8730d35e1c160c22e578c93f70a7d75cf700874b8ab485b3c0056848e6c39ebe19f8dafe19dd8b379b4fb655c974593782a1a181172a735ca88a5416
Score

10^/10

formbook oh75 persistence rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookoh75persistenceratspywarestealersuricatatrojan

behavioral2

formbookoh75persistenceratspywarestealersuricatatrojan

© 2018-2024

Terms | Privacy