formbook | fea591c91f4db5a9238525988d1844cf9d68331b4cf4425acedff0fb9fb9b2d7 | Triage

Submit
Reports

Overview

overview

Static

static

caietul de...ni.exe

windows7_x64

caietul de...ni.exe

windows10-2004_x64

Sharing

General

Target

fea591c91f4db5a9238525988d1844cf9d68331b4cf4425acedff0fb9fb9b2d7
Size

656KB
Sample

220521-b7s94adda3
MD5

c6d9b9f4525c166f772f738eb245b5ab
SHA1

86467edf38be38884c655cebf047df352e0d1150
SHA256

fea591c91f4db5a9238525988d1844cf9d68331b4cf4425acedff0fb9fb9b2d7
SHA512

ffd65e4a50f906a28ee17b20d25b489a00897f12a26a8a1ff4d7ae53612370d3deb28dcf1a2455ae0aeb5120b7c5feaa6f5cac9c0b455e5c3b910a8cc7c34739

Score

10^/10

formbook kvsz persistence rat spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

caietul de sarcini.exe

Resource

win7-20220414-en

formbook kvsz rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

caietul de sarcini.exe

Resource

win10v2004-20220414-en

formbook kvsz persistence rat spyware stealer suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

kvsz

Decoy

okashyns.com

sbsgamedaejeon-two.com

drb77.com

top5dating.com

websprings.online

voizers.com

zenith.site

lahistoriade.com

qv85.com

armandonieto.com

priestvedic.com

jessandjeff.net

magic-desktop.com

jitaji.com

ldmeili.com

yuwanqingmy.com

buzhouorg.com

chaiseloungereviews.com

m2g8way.com

freespin-support.com

bocapvang.net

315px.com

eugeniobarros.tech

sif.email

xn--oorv2aj6bj7cds0d6p4b.com

polychips.com

grouptulip.win

landbank.site

bet365c.win

inbonz.com

outofthepark.today

jeaniney.com

weeip.com

dmoneylife.com

rticlubs.com

reisedating.com

marijuanadogbone.com

funippon.com

banknotesync.com

alexandre-boissard.com

valorartetattoo.com

savetheverse.com

specificpcshop.online

h0jt1y.accountant

jiqing3.com

alfaranakle.com

saft-store.com

wanderingcollective.com

santandermobi.online

557023.top

loulancaster.com

vedattelekom.com

jatinangorcity.com

goldencanaries.com

edgaralanbro.com

levelretail.com

taylorsandbek.com

upbeatnewyork.com

motoreselectricoschihuahua.com

hotair.wales

getawomantodoit.com

xiaoxiong365.com

cloudboxsupport.com

vecteur-u-shop.com

fex-tracks.com

Targets

- Target
  
  caietul de sarcini.exe
- Size
  
  790KB
- MD5
  
  f28ec13e3098402bc68fea894fd99053
- SHA1
  
  4c752327d2e9d1118e5daae6100dbeaceecfc987
- SHA256
  
  f4156e15b465020e6687a23a63eb4b7c84a18f90ead4665087c6c2e5a09b455d
- SHA512
  
  02703aa721ccbd210ba5fb46421f4c675266edf7a4c2b2e47bbca9b08845088d72e1656f38fcd5f010ad27da0adf395d2d63c11bde672f33f9168e6a847ea173
Score

10^/10

formbook kvsz rat spyware stealer trojan persistence suricata
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- suricata: ET MALWARE FormBook CnC Checkin (POST) M2
  suricata: ET MALWARE FormBook CnC Checkin (POST) M2
  suricata
- Formbook Payload
  rat
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookkvszratspywarestealertrojan

behavioral2

formbookkvszpersistenceratspywarestealersuricatatrojan

© 2018-2024

Terms | Privacy