formbook | 586746a650d17bf479d4acda752b2fd59db221c8beaf4e4ec167db15531c55b4 | Triage

Sharing

General

Target

586746a650d17bf479d4acda752b2fd59db221c8beaf4e4ec167db15531c55b4
Size

403KB
Sample

220221-2desqabbg2
MD5

e4ecab4d7d29e36a7ea373edebf22c5f
SHA1

2ec826e2a78a71e1837a716e9208eca273872663
SHA256

586746a650d17bf479d4acda752b2fd59db221c8beaf4e4ec167db15531c55b4
SHA512

860e3633e9ed8529afeb676b8871ce9dc02ddd82e775b992d7b9cf6d612732c24cc22983a1064e4a254b245886f9c32de51529da1d356b87c68d7c573f5403f0

Score

10^/10

formbook n7ak persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

n7ak

Decoy

audereventur.com

huro14.com

wwwjinsha155.com

antiquevendor.com

samuraisoulfood.net

traffic4updates.download

hypersarv.com

rapport-happy-wedding.com

rokutechnosupport.online

allworljob.com

hanaleedossmann.com

kauai-marathon.com

bepbosch.com

kangen-international.com

zoneshopemenowz.com

belviderewrestling.com

ipllink.com

sellingforcreators.com

wwwswty6655.com

qtumboa.com

Targets

- Target
  
  yeni siparis pdf.exe
- Size
  
  855KB
- MD5
  
  b66417695e3a8844a9ee9fa5828bfd8c
- SHA1
  
  701f2da68cfe095527a6c66fd6aee55204eb57d9
- SHA256
  
  8f10623db4fc1e8289a02e94db58942a94a25c59a06e559fa910094da3db7e9d
- SHA512
  
  98121e7d46376026499e450c519d012e721a14b075e46e711b077a7beb507a77dc3a4e4264cd9e52346c88e56a8607235e942f29be504f72d837e8de7dba242d
Score

10^/10

formbook n7ak persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Adds policy Run key to start application
  persistence
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookn7akpersistenceratspywarestealertrojan

behavioral2

formbookn7akpersistenceratspywarestealertrojan