formbook | a703fd2372483e4bbb75bc96dd4f0f95c489eede136451016106eb6c62636658 | Triage

Submit
Reports

Overview

overview

Static

static

BANK_LET.exe

windows7_x64

BANK_LET.exe

windows10-2004_x64

Sharing

General

Target

a703fd2372483e4bbb75bc96dd4f0f95c489eede136451016106eb6c62636658
Size

1.2MB
Sample

220521-bqjpbsfcfq
MD5

a1244ca67b926fae807a19950991128f
SHA1

bfd56771284560488f9e28f65840880d7f130166
SHA256

a703fd2372483e4bbb75bc96dd4f0f95c489eede136451016106eb6c62636658
SHA512

25d36aac5e1fef344ddc1be9db97771e01597de9aa1ad3b36da9d5c6cb5188b9fa1b8902d6f5c161c20a3ad88d039de8f0f7cb828a9272824b7e325557132c4f

Score

10^/10

formbook 23v evasion persistence rat spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

BANK_LET.exe

Resource

win7-20220414-en

formbook 23v evasion persistence rat spyware stealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

BANK_LET.exe

Resource

win10v2004-20220414-en

formbook 23v evasion rat spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

23v

Decoy

1l4m-5qeh0cgx9a.com

portsel.com

vypnxg.men

renrenbaoshangcheng.com

hulebang.com

heatburnio.com

amazingthunderworks.com

quantumreapers.com

8801i.info

moonlightmanager.com

bqypm.info

backlinkbarato.com

jiudianhuixun.com

markerbio.net

empety.com

eternalkollection.com

teknoshift.com

petitenobel.net

zlmqv.info

emotionalcontrols.com

mitesserentferner.com

kqhqmgxzhklkoo.win

shanghaihuayu.com

gauqc.info

beheartratemonitoringwow.live

sarfarazusmani.com

hamptonandjones.com

mywealth.coach

universidade-online.com

vannuysland.com

studio815.salon

cryptofinance.services

rawholisticnutrition.com

myplusha.com

ritireewaj.com

experimenty-it.info

supremeondemand.com

profeschaneldesign.com

mrdude.tech

devereaux.us

concussionawareness.net

bookboardz.com

beyondcurosity.com

keeperofthebeesnwnj.com

schoolofintrovertship.com

miscowil.date

ysz688.com

eec-lean.com

hennryusa.com

cosmemia.com

faxist.com

odjmusica.com

hgx-bmc.com

mangaromance.com

badnoordzee.com

garden-scope.com

sippingnpaintingcolorado.net

fineveherforb-12.com

storeketo.com

crappie-fishing.com

uwumwx.info

wyalusingbeverage.com

jindiandj.com

minimalistvetonabudget.com

godhep.com

Targets

- Target
  
  BANK_LET.EXE
- Size
  
  339KB
- MD5
  
  86bb43248e3ad56e9a839cc6c7b03282
- SHA1
  
  30afc80c7a9d14fb54cd799b2b2d552c9f2e138d
- SHA256
  
  286add28a79440668077a7d762ee81ee169f1c08daa27bc680dbf8c8832d2785
- SHA512
  
  17716ec8e1dbee062a3534eab62e0ba4b793ec94d6f64043493dfddb8424bd0d6a7d792e26d628f86d6acbf18ba671817d30ba243ebbac5a7b4255f8e19a6cc1
Score

10^/10

formbook 23v evasion persistence rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Looks for VirtualBox Guest Additions in registry
  evasion
- Adds policy Run key to start application
  persistence
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Windows security modification
  evasion trojan
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbook23vevasionpersistenceratspywarestealersuricatatrojan

behavioral2

formbook23vevasionratspywarestealertrojan

© 2018-2024

Terms | Privacy