formbook | 1366af1721921e597d55c96ff1cc49dd0253869147f7dd6623ad2440ca5162d0 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004_x64

Sharing

General

Target

1366af1721921e597d55c96ff1cc49dd0253869147f7dd6623ad2440ca5162d0
Size

448KB
Sample

220616-24pqlshefk
MD5

30524a348e38eb991ddec856c6730cb1
SHA1

227255133555186de301a9c703203948aba45df0
SHA256

1366af1721921e597d55c96ff1cc49dd0253869147f7dd6623ad2440ca5162d0
SHA512

547b64cb54db7b00e2f8552b480aff59782e5272e513a76266fa5517154b359050f07e6d1b1018bd81e0632ce3e740ae1c0b75596eefe97f2d2068e2f3a005f6

Score

10^/10

formbook neshta s3s3 persistence rat spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

1366af1721921e597d55c96ff1cc49dd0253869147f7dd6623ad2440ca5162d0.exe

Resource

win10v2004-20220414-en

formbook neshta s3s3 persistence rat spyware stealer suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s3s3

Decoy

tvielotus.com

teesta.xyz

talentrecruitor.com

pamaungipb.com

xn--90ahkh6a6b8b.site

910carolina.com

toyotaecoyouth-dev.com

invetnables.com

gdexc.com

ssw168.com

householdmould.com

mqttradar.xyz

t333c.com

thepausestudio.com

evershedsutherlands.com

asbdataplus.com

preddylilthingz.com

jepwu.com

tvlido.com

artovus.com

trainingmagazineme.com

rettar.net

underneathstardoll.com

babipiko21.site

getvpsdime.com

accentsfurniture.com

cutdowns.tech

teklcin.online

sunshareesg.com

eventrewards.site

lacomunaperu.com

a-tavola.online

gshund.com

monsterflixer.com

896851.com

carpetlandcolortileflint.com

filmproduction.management

cherie-clinique.com

medjoker.com

grant-helpers.site

sussdmortgages.com

solaranlagen-forum.com

freecustomsites.com

h7578.com

ideadly.com

backend360.com

podgorskidesign.com

zilinsky.taxi

ourelevatetribe.com

thefitnesswardllc.com

eficazindustrial.com

thecovefishcamp.com

niuxy.com

myluxurypals.com

clinicadentalvelinta.com

dis99.com

crosswealth.xyz

itopjob.com

oandbcleaningservices.com

afri-solutions.com

paradiseoe.com

versionespublicas.com

b2lonline.com

usdcmeta.xyz

bense003.xyz

Targets

- Target
  
  1366af1721921e597d55c96ff1cc49dd0253869147f7dd6623ad2440ca5162d0
- Size
  
  448KB
- MD5
  
  30524a348e38eb991ddec856c6730cb1
- SHA1
  
  227255133555186de301a9c703203948aba45df0
- SHA256
  
  1366af1721921e597d55c96ff1cc49dd0253869147f7dd6623ad2440ca5162d0
- SHA512
  
  547b64cb54db7b00e2f8552b480aff59782e5272e513a76266fa5517154b359050f07e6d1b1018bd81e0632ce3e740ae1c0b75596eefe97f2d2068e2f3a005f6
Score

10^/10

formbook neshta s3s3 persistence rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookneshtas3s3persistenceratspywarestealersuricatatrojan

© 2018-2024

Terms | Privacy