formbook | 003763d1e0baa99e85d1fd1bc632f6179b11c655bc2a9350e6c151662c3ddd0e | Triage

Submit
Reports

Overview

overview

Static

static

NEW_PURC.exe

windows7_x64

NEW_PURC.exe

windows10-2004_x64

Sharing

General

Target

003763d1e0baa99e85d1fd1bc632f6179b11c655bc2a9350e6c151662c3ddd0e
Size

1.2MB
Sample

220521-pzrcesgcd2
MD5

facadf6676ed51686492001791c5431a
SHA1

4de352ac25a2b19313361f1906a8559db2114899
SHA256

003763d1e0baa99e85d1fd1bc632f6179b11c655bc2a9350e6c151662c3ddd0e
SHA512

7bd2b187f289d6633c6d30b76031456e62dcb71cdb705d35bd89b1508672336f517ad5cb4f49c84e554412a9add33e90c490486d53ad1f6acdceea01822c9c79

Score

10^/10

formbook gzl persistence rat spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

NEW_PURC.exe

Resource

win7-20220414-en

formbook gzl persistence rat spyware stealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

NEW_PURC.exe

Resource

win10v2004-20220414-en

formbook gzl persistence rat spyware stealer suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gzl

Decoy

abecoip.com

statecollegecarsales.com

jinshuweilan.com

arabiyyan.online

orientjudge.win

uone.ltd

kk7171.com

bpgcyffblaxuq.com

yohei-shiki-diet.com

xn--9krp13ejfj.com

meaningfulbook.net

flagshiptechnology.com

wiredlaw.legal

xn--5kvtwt8i.com

termokaynak.com

intelligentdredgers.com

internationalfoodconnectors.com

spokanenewsonline.com

shrpevfdwl.info

samuellartey.com

wedare-everywhere.com

junkcarsabc.com

youthleader.info

moritzhart.com

jackelkanderson.com

interactdining.com

befadingfast.com

gd567d.com

corsand.info

briarross.com

remodelingby.com

mshy.ltd

turquoisebuy.com

employmentwithapositive.com

secure-web-billing.com

missprettypicky.com

jmsjsb.com

feelgoodmarketing.online

damascussteel.net

dziembateam.com

zhaoshangchang.com

brainvalleybrc.com

conspiracyofkindnessevent.com

kerim.party

cheln30cm.review

schnyderfor.com

uniteagainstrape.com

encontroestadual.com

pvmime.com

adosmetrics.com

top3pot.info

entrophysics.net

houstonrebuilders.net

hechizoz.com

andyott.com

realtor4rialto.com

85agag.com

ledcorse.com

xcorn.net

twostepllc.com

victor18.com

simplyglamp.com

rjik7w.net

protego-solutions.com

nacemo.com

Targets

- Target
  
  NEW_PURC.EXE
- Size
  
  339KB
- MD5
  
  66308e9a33fa414a0d3594450e0291f5
- SHA1
  
  2015687b62b4a91512015c7b6d591c54b9dadf4e
- SHA256
  
  a975214d240d5a033bef864d482e7636de68c48d5e94434833289b7e56962bb2
- SHA512
  
  4396d49513addde95c3292a7dbed9e0b233003e439287419059e0d323f30a721c2db4c7a1af686e4f2ca0807939970f988b2258c934acba3ec7257bd7372608b
Score

10^/10

formbook gzl persistence rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Adds policy Run key to start application
  persistence
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookgzlpersistenceratspywarestealersuricatatrojan

behavioral2

formbookgzlpersistenceratspywarestealersuricatatrojan

© 2018-2024

Terms | Privacy