formbook | 24528e0947a93e6d8d930a10c2027ae6c5b9505a4267c2c4b2b96e7fcf2a68b8 | Triage

Sharing

General

Target

24528e0947a93e6d8d930a10c2027ae6c5b9505a4267c2c4b2b96e7fcf2a68b8
Size

1.2MB
Sample

220521-m9dszadce7
MD5

1860f23b3a2224d9d70f8876b1b8ac78
SHA1

49d4979a90323c4534e164fd0f68e571c923eb9e
SHA256

24528e0947a93e6d8d930a10c2027ae6c5b9505a4267c2c4b2b96e7fcf2a68b8
SHA512

54bbc0674466b12e67ba46e12ef97174e483bf136517682a7aeb4ab308d85caabda7a3b6118f2d2a066faff7d1be455210eed4fb914977591d04ba0dfc05a99e

Score

10^/10

formbook gm1 persistence rat spyware stealer suricata trojan

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

gm1

Decoy

802477.com

theclippersofficial.com

mysticadventuresails.com

joshkaeding.com

www4915a.com

nicolasdumasxiii.com

transbagasputra.com

motherdaughter.date

truflorawellness.com

ff1q.com

elettronicasmart.com

obtes.com

pfamkyr.com

9ycpbr.info

gtitdunproductions.com

mashreviews.com

methvenonthemove.com

jinshavip38.com

theedgebizconnect.com

jessandalextietheknot.com

Targets

- Target
  
  01986720202889_pdf.exe
- Size
  
  1.7MB
- MD5
  
  0cf7425537bc937147f3e4bb528c0c4d
- SHA1
  
  2c57146f7279944ef474beaf700efc36a438cbe8
- SHA256
  
  72e42f1672249fbd4db20c17d5e29fba5838ef08cf0f6964d84ffc434ea46f27
- SHA512
  
  1cffc1cb1752d04a9422b723141373b804b3012b6e1c54b49ab6e25ad5b11cebfe522a11c86e44e27af97b21b96c1fc766c99f68b4afdef75fef4d82b38995c7
Score

10^/10

formbook gm1 persistence rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookgm1persistenceratspywarestealersuricatatrojan

behavioral2

formbookgm1persistenceratspywarestealersuricatatrojan