formbook | ee21511b610cd2a154c85c04c0e3d88f82b0ee835afd51247a1a7e97900cd733 | Triage

Submit
Reports

Overview

overview

Static

static

8

ee21511b61...33.exe

windows7_x64

ee21511b61...33.exe

windows10-2004_x64

Sharing

General

Target

ee21511b610cd2a154c85c04c0e3d88f82b0ee835afd51247a1a7e97900cd733
Size

549KB
Sample

220201-db8q1sgba8
MD5

4c1fcf062199b6d092a450fcb0d8439e
SHA1

6379c769e997112874da5aa2b0695952e92a013c
SHA256

ee21511b610cd2a154c85c04c0e3d88f82b0ee835afd51247a1a7e97900cd733
SHA512

9bd29101a5aa4aad536ff5c2114140fcbc98682c4fcfd3b490ee086708e7f0ab4265a248032d31f0630dfd7b7a8bb6c20cba04b98255d18636bd945096268388

Score

10^/10

formbook jo persistence rat spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

ee21511b610cd2a154c85c04c0e3d88f82b0ee835afd51247a1a7e97900cd733.exe

Resource

win7-en-20211208

formbook jo rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ee21511b610cd2a154c85c04c0e3d88f82b0ee835afd51247a1a7e97900cd733.exe

Resource

win10v2004-en-20220113

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

jo

Decoy

equipoarbitral.info

isoexercise.com

interactivenetworksystems.com

mozexnews.com

vkebfdkg.com

learntoearn.live

quomagazine.com

milkeknappford.com

missdailia.com

basames2009.com

babybirthdaycheers.com

philadelhiaflyers.com

saamcm.net

deyiclinic.com

politicalrubbish.com

1e0eighthell.men

buenosairespadelcourt.com

womenjiao.com

lubb26261.com

bastacasinosvenska.com

tdoog.com

woodphoto.life

poloyoutoo.com

atlanticpressftp.com

airport-parking-gatwick.info

kerulong.com

visionedition.services

universityfunctioncaterers.com

globoanalytics.com

xn--xkro76a0wkfzi.com

nurses-school.rocks

sevilaykuaforguzellik.com

aufdemweg.one

kasa40.com

bestetikhair.com

kvkhbw.com

gtaira.com

ponysache.com

textladygaga.com

princenovelties.com

m76tfi.com

7hprd.com

earthlycollection.com

thankpjyou99.com

docgoog.info

segaled.com

mohammadarif.info

002dsi.info

nakamoto-cleaning.com

beautiful-gardening.com

vistalsupply.com

physiciangraph.com

xn--fiq64b88lft3e.com

tosssuccess.com

argino.net

lepashmina.com

southernsexygirls.com

hauhiud.info

posowa.com

helmut-jendraschkowitz.com

kendalrhodes.com

patagoniarubros.com

trainingespaliertrees.com

tmlol.com

macounty.com

Targets

- Target
  
  ee21511b610cd2a154c85c04c0e3d88f82b0ee835afd51247a1a7e97900cd733
- Size
  
  549KB
- MD5
  
  4c1fcf062199b6d092a450fcb0d8439e
- SHA1
  
  6379c769e997112874da5aa2b0695952e92a013c
- SHA256
  
  ee21511b610cd2a154c85c04c0e3d88f82b0ee835afd51247a1a7e97900cd733
- SHA512
  
  9bd29101a5aa4aad536ff5c2114140fcbc98682c4fcfd3b490ee086708e7f0ab4265a248032d31f0630dfd7b7a8bb6c20cba04b98255d18636bd945096268388
Score

10^/10

formbook jo rat spyware stealer trojan persistence
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Suspicious use of NtCreateProcessExOtherParentProcess
- Formbook Payload
  rat
- Sets service image path in registry
  persistence
- Deletes itself
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookjoratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy