formbook | 1deac5c42c5c12f811a14593da40c7589da9274b67086ac62174498923c893fa | Triage

Submit
Reports

Overview

overview

Static

static

1deac5c42c...fa.exe

windows7_x64

1deac5c42c...fa.exe

windows10-2004_x64

Sharing

General

Target

1deac5c42c5c12f811a14593da40c7589da9274b67086ac62174498923c893fa
Size

213KB
Sample

220612-2yw8haegb4
MD5

1af681084e3d0b909e8ff56e4cee3c80
SHA1

fc8532c8feb0ce096e761020678744824dc1607c
SHA256

1deac5c42c5c12f811a14593da40c7589da9274b67086ac62174498923c893fa
SHA512

b9d0d1cb4cf3ac31f0b5f772e8e7dcdd5c13b9410dc52d22dfa42c6d34f98b13582319688a52c3f85bc0d2f46782f621ded3cdd70be1401846b2fc2ee449e4bf

Score

10^/10

formbook sh persistence rat spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

1deac5c42c5c12f811a14593da40c7589da9274b67086ac62174498923c893fa.exe

Resource

win7-20220414-en

formbook sh persistence rat spyware stealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1deac5c42c5c12f811a14593da40c7589da9274b67086ac62174498923c893fa.exe

Resource

win10v2004-20220414-en

formbook sh rat spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

sh

Decoy

studiogoparty.com

furi-mold.com

cdicoun-tombola.info

elizabethlhall.com

nakayama-hanasai.com

9910pe.com

iraqbreakingnews.com

91fyy.com

intersafetyland.com

dddadditive.com

gewuan.net

ikwxanxb.click

shenghangdianzi.com

nuskinmemory.com

sonrel-julie.com

rapidlegalcenter.com

jcldsp.com

dibamoviez.net

sochuan66.com

platformoneclothing.com

vandenbergpol.com

farmagf.com

xn--sjq656oa.net

bostonrefinanceboard.com

dannymetal.email

rcnxg.info

miaoshahui.net

sianakuwait.com

soundsquaremusic.com

liputan66.com

office365esafety.group

bolababy.net

saltiestoftheearth.com

goculer.com

mindbodysoulfoodie.com

tamsueva.info

givingartgallery.com

onlinestore.ninja

sanftemassagen.com

lafourmibatisseuse.com

200767.top

christina-kenel.com

burocratastijuana.com

herosofharvey.com

libelle-le.com

zecstb.men

jxkysd.com

yejiajun.com

social123marketing.com

simplelifeorganic.com

tjkaizhen.com

estableg.info

cyrilportmann.com

ntstiffins.com

717385y.info

ellamcd.com

cnxt.social

iotaagriculture.com

frankpilates.net

flytart.com

watch-zone.tech

yigitay.net

bubbleshootgames.com

cosmiceggpack.com

drylipc.com

Targets

- Target
  
  1deac5c42c5c12f811a14593da40c7589da9274b67086ac62174498923c893fa
- Size
  
  213KB
- MD5
  
  1af681084e3d0b909e8ff56e4cee3c80
- SHA1
  
  fc8532c8feb0ce096e761020678744824dc1607c
- SHA256
  
  1deac5c42c5c12f811a14593da40c7589da9274b67086ac62174498923c893fa
- SHA512
  
  b9d0d1cb4cf3ac31f0b5f772e8e7dcdd5c13b9410dc52d22dfa42c6d34f98b13582319688a52c3f85bc0d2f46782f621ded3cdd70be1401846b2fc2ee449e4bf
Score

10^/10

formbook sh persistence rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Adds policy Run key to start application
  persistence
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Command-Line Interface

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookshpersistenceratspywarestealersuricatatrojan

behavioral2

formbookshratspywarestealertrojan

© 2018-2024

Terms | Privacy