formbook | 79e6aa9fb18847e4c5b5e00dd742b3b00057d20bbede37f1c8740b21666b44e1

Analysis

max time kernel
64s
max time network
63s
platform
windows10_x64
resource
win10-20220414-en
submitted
06-07-2022 00:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79e6aa9fb18847e4c5b5e00dd742b3b00057d20bbede37f1c8740b21666b44e1.exe
Size

538KB
MD5

c0138bfa58d20206600eaf1657f95f75
SHA1

fa232e4df93c81093044ff552381d41ebcc5f443
SHA256

79e6aa9fb18847e4c5b5e00dd742b3b00057d20bbede37f1c8740b21666b44e1
SHA512

082a20109057787fdb3d8bfa5607e379c4d803d862367078e24a40018c3a6ed4fa3c09ce0c95152a169cfa98f2348c47e20af1cbf4b69dd164fcc6b9a80040bd

Score

10^/10

formbook bk19 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bk19

Decoy

parkersuite.com

quanzhujs.com

ofourfuture.com

palazzonutraceuticals.com

xowshfv.top

casinoguide.bet

kangdurian.com

luxurymainewaterfront.com

sdjyyy.com

uglymugvs.com

lawncaregeni.com

simproful.net

upskirts-tube.com

taiylormade.com

okyxx1k4w.digital

shop-marvel.direct

tecdiario.com

click2claim.xyz

2dot2dot.space

gercektarih.online

Signatures

Formbook
Formbook is a data stealing malware which is capable of stealing data.
trojan spyware stealer formbook

Formbook Payload 2 IoCs

rat

Processes:

resource	yara_rule
behavioral1/memory/4164-183-0x0000000000400000-0x000000000042F000-memory.dmp	formbook
behavioral1/memory/4164-184-0x000000000041F0D0-mapping.dmp	formbook

Suspicious use of SetThreadContext 1 IoCs

Processes:

79e6aa9fb18847e4c5b5e00dd742b3b00057d20bbede37f1c8740b21666b44e1.exe

description	pid	process	target process
PID 4656 set thread context of 4164	4656	79e6aa9fb18847e4c5b5e00dd742b3b00057d20bbede37f1c8740b21666b44e1.exe	79e6aa9fb18847e4c5b5e00dd742b3b00057d20bbede37f1c8740b21666b44e1.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

79e6aa9fb18847e4c5b5e00dd742b3b00057d20bbede37f1c8740b21666b44e1.exe

pid	process
4164	79e6aa9fb18847e4c5b5e00dd742b3b00057d20bbede37f1c8740b21666b44e1.exe
4164	79e6aa9fb18847e4c5b5e00dd742b3b00057d20bbede37f1c8740b21666b44e1.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

79e6aa9fb18847e4c5b5e00dd742b3b00057d20bbede37f1c8740b21666b44e1.exe

description	pid	process	target process
PID 4656 wrote to memory of 4164	4656	79e6aa9fb18847e4c5b5e00dd742b3b00057d20bbede37f1c8740b21666b44e1.exe	79e6aa9fb18847e4c5b5e00dd742b3b00057d20bbede37f1c8740b21666b44e1.exe
PID 4656 wrote to memory of 4164	4656	79e6aa9fb18847e4c5b5e00dd742b3b00057d20bbede37f1c8740b21666b44e1.exe	79e6aa9fb18847e4c5b5e00dd742b3b00057d20bbede37f1c8740b21666b44e1.exe
PID 4656 wrote to memory of 4164	4656	79e6aa9fb18847e4c5b5e00dd742b3b00057d20bbede37f1c8740b21666b44e1.exe	79e6aa9fb18847e4c5b5e00dd742b3b00057d20bbede37f1c8740b21666b44e1.exe
PID 4656 wrote to memory of 4164	4656	79e6aa9fb18847e4c5b5e00dd742b3b00057d20bbede37f1c8740b21666b44e1.exe	79e6aa9fb18847e4c5b5e00dd742b3b00057d20bbede37f1c8740b21666b44e1.exe
PID 4656 wrote to memory of 4164	4656	79e6aa9fb18847e4c5b5e00dd742b3b00057d20bbede37f1c8740b21666b44e1.exe	79e6aa9fb18847e4c5b5e00dd742b3b00057d20bbede37f1c8740b21666b44e1.exe
PID 4656 wrote to memory of 4164	4656	79e6aa9fb18847e4c5b5e00dd742b3b00057d20bbede37f1c8740b21666b44e1.exe	79e6aa9fb18847e4c5b5e00dd742b3b00057d20bbede37f1c8740b21666b44e1.exe

C:\Users\Admin\AppData\Local\Temp\79e6aa9fb18847e4c5b5e00dd742b3b00057d20bbede37f1c8740b21666b44e1.exe
"C:\Users\Admin\AppData\Local\Temp\79e6aa9fb18847e4c5b5e00dd742b3b00057d20bbede37f1c8740b21666b44e1.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4656

C:\Users\Admin\AppData\Local\Temp\79e6aa9fb18847e4c5b5e00dd742b3b00057d20bbede37f1c8740b21666b44e1.exe
"C:\Users\Admin\AppData\Local\Temp\79e6aa9fb18847e4c5b5e00dd742b3b00057d20bbede37f1c8740b21666b44e1.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4164-183-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4164-184-0x000000000041F0D0-mapping.dmp

Download
memory/4164-185-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4164-186-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4164-187-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4164-191-0x0000000001100000-0x0000000001420000-memory.dmp

Filesize
3.1MB

Download
memory/4656-145-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-120-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-117-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-118-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-119-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-150-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-121-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-122-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-123-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-151-0x0000000005500000-0x00000000059FE000-memory.dmp

Filesize
5.0MB

Download
memory/4656-125-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-126-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-127-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-128-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-129-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-130-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-131-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-132-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-133-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-134-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-135-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-136-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-137-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-138-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-139-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-140-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-141-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-142-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-143-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-144-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-115-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-146-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-147-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-148-0x0000000000610000-0x000000000069C000-memory.dmp

Filesize
560KB

Download
memory/4656-179-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-116-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-124-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-152-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-153-0x0000000005000000-0x0000000005092000-memory.dmp

Filesize
584KB

Download
memory/4656-154-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-155-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-156-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-157-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-158-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-159-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-160-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-161-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-162-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-163-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-164-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-165-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-166-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-167-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-168-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-169-0x0000000004EC0000-0x0000000004ECA000-memory.dmp

Filesize
40KB

Download
memory/4656-170-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-171-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-172-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-173-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-174-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-175-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-176-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-177-0x00000000054E0000-0x00000000054FC000-memory.dmp

Filesize
112KB

Download
memory/4656-114-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-178-0x0000000008370000-0x000000000837A000-memory.dmp

Filesize
40KB

Download
memory/4656-149-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4656-180-0x00000000085D0000-0x000000000863C000-memory.dmp

Filesize
432KB

Download
memory/4656-181-0x0000000008700000-0x000000000879C000-memory.dmp

Filesize
624KB

Download
memory/4656-182-0x0000000000750000-0x0000000000784000-memory.dmp

Filesize
208KB

Download