formbook | c729aff36bcb598af78110b8f93e368103d89f281b2eabbc51949bf2e444a872 | Triage

Submit
Reports

Overview

overview

Static

static

1

roo3t46.exe

windows10_x64

roo3t46.exe

windows10-2004_x64

Sharing

General

Target

roo3t46.exe_
Size

247KB
Sample

220127-vn9mhsgcbp
MD5

3c96571096bf0cb7e3ab94ebbb5a5e6e
SHA1

e2eceeb56bc9488599a1258a768902949d6eb2f1
SHA256

c729aff36bcb598af78110b8f93e368103d89f281b2eabbc51949bf2e444a872
SHA512

84210e059eb31cf8f163ed58edc7e1057793e79a54f09eeb503613f63ec50baf05736179ceea808e6a6ebfee0198faff973f65ab47fb5189436153c13379db9c

Score

10^/10

formbook rv12 persistence rat spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

roo3t46.exe

Resource

win10-en-20211208

formbook rv12 rat spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

roo3t46.exe

Resource

win10v2004-en-20220112

formbook rv12 persistence rat spyware stealer suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rv12

Decoy

alsahger-store.com

luoboapp1.com

zjblmp.com

alreem-mall.com

wholesalemakeupmiamigarden.com

getevencattlecompany.com

fttmachinery.com

rauqe2m.xyz

pikeddetail-toglancetoday.info

apparessenza.com

g2367.com

advid-creativ.agency

mariobet399.com

seaforesthealth.com

autopilotinjury.net

jinchengdingjs.com

pigeoncontrolfarmington.com

mallorganicwealthgive.com

shicclothing.com

diwakarredhu.com

degenerated.xyz

sinwaeh.online

terrasconcept.com

quintasyranchosvip.com

isstuplennobuyno.xyz

web-news24.com

stellavonna.com

mdhandymanservices.com

proelitegaming.com

aivaras.xyz

jiangsuaituo.com

f1-metaverse.com

xn--nicorn-2ya.com

stoolhops.com

zbdu.info

wwg1wga.space

oakridgeranch.net

housetter.site

built-rite-mfg.com

byronfastfoodsaberdeen.com

xk8blvb0a7il.xyz

qgyp.xyz

duoyuns.com

cancerdietplan.com

dqczwmhg.com

fermecoopdumoulin.com

hopeu.info

dubstepisbad.com

neosoultrain.com

globaldigitalcity.asia

duijntractors.com

tsbqzlpnl.store

lipstikinc.com

ckllective.xyz

tljykj.com

mmjsnz.com

elregionalperiodico.com

canxs58c.xyz

enrobloxnuy.xyz

thelightshows.com

michaelkaack.com

aipharaohnft.com

mynextrealtor.com

fasthvacsolutions.com

talkingcakes.xyz

Targets

- Target
  
  roo3t46.exe_
- Size
  
  247KB
- MD5
  
  3c96571096bf0cb7e3ab94ebbb5a5e6e
- SHA1
  
  e2eceeb56bc9488599a1258a768902949d6eb2f1
- SHA256
  
  c729aff36bcb598af78110b8f93e368103d89f281b2eabbc51949bf2e444a872
- SHA512
  
  84210e059eb31cf8f163ed58edc7e1057793e79a54f09eeb503613f63ec50baf05736179ceea808e6a6ebfee0198faff973f65ab47fb5189436153c13379db9c
Score

10^/10

formbook rv12 rat spyware stealer suricata trojan persistence
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Sets service image path in registry
  persistence
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookrv12ratspywarestealersuricatatrojan

behavioral2

formbookrv12persistenceratspywarestealersuricatatrojan

© 2018-2024

Terms | Privacy