formbook | 20f07f9db62afe07a6a3b025487624ef260d2a2ef5043417986e5334556e517b | Triage

Submit
Reports

Overview

overview

Static

static

20f07f9db6...7b.exe

windows7_x64

20f07f9db6...7b.exe

windows10-2004_x64

Sharing

General

Target

20f07f9db62afe07a6a3b025487624ef260d2a2ef5043417986e5334556e517b
Size

426KB
Sample

220612-l64dsagdfp
MD5

cb783c9daff07c32ea86f1bbf2a32aa7
SHA1

67695f79d67dad3068b33216cdc1492b66d7602a
SHA256

20f07f9db62afe07a6a3b025487624ef260d2a2ef5043417986e5334556e517b
SHA512

4c33ef083ea76477fc55873ff55f5d8fbcb0634d21787be6afcc024f8f69f96b201974a77ed88c6ccb5a2b8d70521b9da9bf25d402e26f3ada421e5253109346

Score

10^/10

formbook sh persistence rat spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

20f07f9db62afe07a6a3b025487624ef260d2a2ef5043417986e5334556e517b.exe

Resource

win7-20220414-en

formbook sh rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

20f07f9db62afe07a6a3b025487624ef260d2a2ef5043417986e5334556e517b.exe

Resource

win10v2004-20220414-en

formbook sh persistence rat spyware stealer suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

sh

Decoy

studiogoparty.com

furi-mold.com

cdicoun-tombola.info

elizabethlhall.com

nakayama-hanasai.com

9910pe.com

iraqbreakingnews.com

91fyy.com

intersafetyland.com

dddadditive.com

gewuan.net

ikwxanxb.click

shenghangdianzi.com

nuskinmemory.com

sonrel-julie.com

rapidlegalcenter.com

jcldsp.com

dibamoviez.net

sochuan66.com

platformoneclothing.com

vandenbergpol.com

farmagf.com

xn--sjq656oa.net

bostonrefinanceboard.com

dannymetal.email

rcnxg.info

miaoshahui.net

sianakuwait.com

soundsquaremusic.com

liputan66.com

office365esafety.group

bolababy.net

saltiestoftheearth.com

goculer.com

mindbodysoulfoodie.com

tamsueva.info

givingartgallery.com

onlinestore.ninja

sanftemassagen.com

lafourmibatisseuse.com

200767.top

christina-kenel.com

burocratastijuana.com

herosofharvey.com

libelle-le.com

zecstb.men

jxkysd.com

yejiajun.com

social123marketing.com

simplelifeorganic.com

tjkaizhen.com

estableg.info

cyrilportmann.com

ntstiffins.com

717385y.info

ellamcd.com

cnxt.social

iotaagriculture.com

frankpilates.net

flytart.com

watch-zone.tech

yigitay.net

bubbleshootgames.com

cosmiceggpack.com

drylipc.com

Targets

- Target
  
  20f07f9db62afe07a6a3b025487624ef260d2a2ef5043417986e5334556e517b
- Size
  
  426KB
- MD5
  
  cb783c9daff07c32ea86f1bbf2a32aa7
- SHA1
  
  67695f79d67dad3068b33216cdc1492b66d7602a
- SHA256
  
  20f07f9db62afe07a6a3b025487624ef260d2a2ef5043417986e5334556e517b
- SHA512
  
  4c33ef083ea76477fc55873ff55f5d8fbcb0634d21787be6afcc024f8f69f96b201974a77ed88c6ccb5a2b8d70521b9da9bf25d402e26f3ada421e5253109346
Score

10^/10

formbook sh rat spyware stealer trojan persistence suricata
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- suricata: ET MALWARE FormBook CnC Checkin (POST) M2
  suricata: ET MALWARE FormBook CnC Checkin (POST) M2
  suricata
- Formbook Payload
  rat
- Adds policy Run key to start application
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookshratspywarestealertrojan

behavioral2

formbookshpersistenceratspywarestealersuricatatrojan

© 2018-2024

Terms | Privacy