formbook | cdcad4e6bf31338fa80cac158d6225a9253184ae6344a77416e0ae7fa0993619 | Triage

Submit
Reports

Overview

overview

Static

static

????? ??? ...??.exe

windows7_x64

????? ??? ...??.exe

windows10-2004_x64

Sharing

General

Target

cdcad4e6bf31338fa80cac158d6225a9253184ae6344a77416e0ae7fa0993619
Size

398KB
Sample

220520-ry949agga2
MD5

5bd15749e0d34ea8de1206af9734023d
SHA1

5c55e3c37935e68bf9a6f5f3c0b470897c97cf83
SHA256

cdcad4e6bf31338fa80cac158d6225a9253184ae6344a77416e0ae7fa0993619
SHA512

e24ead489a0777c74624c06f18ca0877bf992944f94a82d43cc30d9f40fd3ed37decff0995d2d61ec0459f5e897d3e5da8bc86c323f8ca2bc509f79fff17ea35

Score

10^/10

formbook modiloader 3nop persistence rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

????? ??? ??????????? ?????? ???.exe

Resource

win7-20220414-en

formbook 3nop persistence rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

????? ??? ??????????? ?????? ???.exe

Resource

win10v2004-20220414-en

formbook 3nop persistence rat spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

3nop

Decoy

bakecakesandmore.com

shenglisuoye.com

chinapopfactory.com

ynlrhd.com

liqourforyou.com

leonqamil.com

meccafon.com

online-marketing-strategie.biz

rbfxi.com

frseyb.info

leyu91.com

hotsmail.today

beepot.tech

dunaemmetmobility.com

sixpenceworkshop.com

incrediblefavorcoaching.com

pofo.info

yanshudaili.com

yellowbrickwedding.com

paintpartyblueprint.com

capricorn1967.com

meucarrapicho.com

41230793.net

yoghurtberry.com

wv0uoagz0yr.biz

yfjbupes.com

mindfulinthemadness.com

deloslifesciences.com

adokristal.com

vandergardetuinmeubelshop.com

janewagtus.com

cloudmorning.com

foresteryt01.com

accident-law-yer.info

divorcerefinance.guru

wenxiban.com

589man.com

rockerdwe.com

duftkerzen.info

igametalent.com

yoursafetraffictoupdates.review

jialingjiangpubu.com

maximscrapbooking.com

20sf.info

shadowlandswitchery.com

pmbnc.info

shoppingdrift.online

potashdragon.com

ubkswmpes.com

064ewj.info

rewsales.com

dealsforyou.tech

ziruixu.com

naehascloud.com

smokvape.faith

sunflowermoonstudio.com

stepgentertainment.com

tawbj.info

besthappybuds.net

koohshoping.com

ajikrentcarsurabaya.com

jkjohnsroofingfl.com

whatsnexttnd.com

yoyodvd.com

joomlas123.info

Targets

- Target
  
  ????? ??? ??????????? ?????? ???.exe
- Size
  
  1.2MB
- MD5
  
  67b1e695bae2dfd1ffe6d1a85141509f
- SHA1
  
  0ad01e9af94cb6ce3247d9b5f09b2655f4b486dc
- SHA256
  
  c5ccddfa0f7ee807513279b0195460cd48f3b36f2154c93ff3945fe30c647dde
- SHA512
  
  a90f986a2cd2dc0e18050a8006c0d19bd76f714c12546fa7b91485b59dee1031b51674049d127f05aee896337c9e758625132f763e534cc30cf549e07972f4b9
Score

10^/10

formbook 3nop persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Adds policy Run key to start application
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

formbook3noppersistenceratspywarestealertrojan

behavioral2

formbook3noppersistenceratspywarestealertrojan

© 2018-2024

Terms | Privacy