formbook | 1aac0454c65f31df7b93e2059f4c6895f4fd5fb5c90c6465d45626c391efd864 | Triage

Submit
Reports

Overview

overview

Static

static

Anekgroup Order.exe

windows7_x64

Anekgroup Order.exe

windows10-2004_x64

Sharing

General

Target

1aac0454c65f31df7b93e2059f4c6895f4fd5fb5c90c6465d45626c391efd864
Size

456KB
Sample

220521-ncc1vagefp
MD5

7dda7b7a622537fa7838564b3a3d3c91
SHA1

dd5567d50fdaee01bef499ed4d6496d8c0e0e75d
SHA256

1aac0454c65f31df7b93e2059f4c6895f4fd5fb5c90c6465d45626c391efd864
SHA512

c574544133ee6fb6415a36c5e19f0d9b01e003e454e3d94232e0eef60ea3fb118e085c4d50e2d9a6ecca13b6505b1e6e9ecdfe4fdee55fa75d90f763724c1ee8

Score

10^/10

formbook xwqs persistence rat spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

Anekgroup Order.exe

Resource

win7-20220414-en

formbook xwqs persistence rat spyware stealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Anekgroup Order.exe

Resource

win10v2004-20220414-en

formbook xwqs persistence rat spyware stealer suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

xwqs

Decoy

miracledynamic.win

farshadzandi.com

cruisesociety.site

alluredecorate.com

topseptictanks.net

goodguysblogblack.com

xn--80aaexkk3ad8c.com

manbet22.net

ristohotelcastellani.com

vesinhvinhlong.com

fashion-phoenix.com

iferrara.expert

sellyourart.gallery

hayatmag.info

serafimasflowersparadise.com

4p1o3a.biz

maidonline.net

kuntaijinrong.com

makethebreastpumpnotsuck.com

europeansmartcapital.com

familyfolktales.com

thetowing.world

zulemalabra.com

yennyso.com

asmnb.com

aryabhisak.com

taqueriaelherradero.com

ilovebuz.cricket

streamone.studio

othreport.net

xvyhhx.download

stratz-consulting.com

flangeroofs.com

aspiresuccessconsulting.com

ohiorecoverypros.info

xn--igt54izq0a.com

mojzesz.email

ecosnus.com

robocroft.com

secengine.net

thczepam.com

studiopenelope.com

chrisrubino.net

immogecheck.com

pier39.news

studentcreditcardreviews.info

plombest.com

04sbw.com

vonkeppel.com

pastecolor.com

boot-kik.com

comegetsomevoip.com

arttextileduverdon.info

bestworldwatches.com

dimasjts.com

offerberg.com

cqchidu.com

luxeladybee.net

turismosaoluis.com

jubfps.site

bobandbertie.com

1i0fourapple.loan

pushinglovely.com

abacusfinancialgroupinc.com

mansiobok3.info

Targets

- Target
  
  Anekgroup Order.exe
- Size
  
  541KB
- MD5
  
  20ab5fd8a0b7cf071121621eb19c15be
- SHA1
  
  670d97686fced6266b1e0f83e743a4954da588f6
- SHA256
  
  f9105883e8b27ee7cfbe161616f341841f2b7e8c36f5d2b11796e0b002d86ad8
- SHA512
  
  005c7da154214e2f9ed8a24ea81462545d5e26d2a40a62787a114c2cc6d7aabdf41c2d27f133cef60c3d9770e4b04220a625c94138f843ebeb9673318f04131c
Score

10^/10

formbook xwqs persistence rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookxwqspersistenceratspywarestealersuricatatrojan

behavioral2

formbookxwqspersistenceratspywarestealersuricatatrojan

© 2018-2024

Terms | Privacy