formbook | 7ec471bff3b6d2a908d526be87f5b5c6889900d880b902ced36ba401c3b54f4f | Triage

Submit
Reports

Overview

overview

Static

static

Gkauepj.exe

windows7_x64

Gkauepj.exe

windows10-2004_x64

Sharing

General

Target

7ec471bff3b6d2a908d526be87f5b5c6889900d880b902ced36ba401c3b54f4f
Size

566KB
Sample

220521-nwaptsebg8
MD5

618bc21afef7328c3e74f53487719f63
SHA1

3f9f7addc3147654eb7a7883107df10427b932d4
SHA256

7ec471bff3b6d2a908d526be87f5b5c6889900d880b902ced36ba401c3b54f4f
SHA512

a2191ec899e454a2aaf09149e3b189fbd15661b10b9f58705770200e951b1569781acc6122014fadb682f47115f90bfdb011be01a80bdd1867b4d6067c7833a1

Score

10^/10

formbook dgb6 persistence rat spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

Gkauepj.exe

Resource

win7-20220414-en

formbook dgb6 persistence rat spyware stealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Gkauepj.exe

Resource

win10v2004-20220414-en

formbook dgb6 persistence rat spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dgb6

Decoy

fxocn.com

900900b.com

luciananunez.com

ibcrecruiment.com

saffireups.com

bisuoyj.com

hourofcoed.com

invalidlogingacc.com

airaguevara.net

411edupreneurship.com

angbaidia.com

xn--49s29u.ink

snorkellingcouses.com

apxelim.com

harveyarch.com

wfsettlemet.com

7gongzuoshi.com

aladiesmassage.com

bigboss-marcelo.com

cbdfreebiz.info

maltempire.com

lifemeaning.win

yahfind.com

perfectkw.com

syrustaveras.com

snowhiteaditi.com

best-konto.com

airfaas.com

santply.com

artfromthestart.net

membersonly.info

nike-du.com

mountainvibesco.com

vindataonline.com

canpfp.com

ikenbrown.com

readyforsalebrisbane.com

imagocket.net

ramaist.com

1shoppingonlineusa.com

tammicooper.com

blockchainwealth.group

findyourstreethomes.com

pat-testingsurrey.com

diasporakouzina.net

paulsturmanphotography.com

blacktasty.com

prodottitipicidellemarche.com

thepaintingteacherblog.com

ababrain.net

xn--5brw2j09hdy3d.com

306manbet.com

aripamz.info

viakofi.info

melicharter.net

stirmarine.com

craveiteats.com

fakenewstheplay.com

marketbuilders.info

thegoodlifetraveller.com

zufangtimes.com

e-prezent.com

imajoven.com

pecolla.com

regulars7.info

Targets

- Target
  
  Gkauepj.exe
- Size
  
  1.1MB
- MD5
  
  23fa47d1c4f4ab3084b9bd6ea926bb16
- SHA1
  
  26e854c6a1ee7af3f8a282caf06610b76ce21db9
- SHA256
  
  0efa7703690d3fe9df70c81d7dea974aa710c7c55a76fd50e6a050bc76698d89
- SHA512
  
  4be080d2a86c01dd084dcbf4a4fcc7bfd5457f75d5fecbb70092b5703fee6f94f4a5aeda4831272eee19a346eb5ee96475af787fa45ad90be49e007bd68bd8a9
Score

10^/10

formbook dgb6 persistence rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Adds policy Run key to start application
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

formbookdgb6persistenceratspywarestealersuricatatrojan

behavioral2

formbookdgb6persistenceratspywarestealertrojan

© 2018-2024

Terms | Privacy