formbook | 56e8e3a2d3330298f144767f1ef320fc3ecd1a968d47e8308486018dc224ea00 | Triage

Submit
Reports

Overview

overview

Static

static

56e8e3a2d3...00.exe

windows7-x64

56e8e3a2d3...00.exe

windows10-2004-x64

1

Sharing

General

Target

56e8e3a2d3330298f144767f1ef320fc3ecd1a968d47e8308486018dc224ea00
Size

624KB
Sample

220725-bpvefahaer
MD5

0c67efeca56fee9e1978a87161db87ad
SHA1

e54fa09cd9d897b8490de36033488c8c99687f82
SHA256

56e8e3a2d3330298f144767f1ef320fc3ecd1a968d47e8308486018dc224ea00
SHA512

3fb9dee3f078c28d8cf5f288a26e136b6a3f7664bec2b33d1f6835c367511a1e0cb1830318461d5003182c7fee3b3c5f64e54769db2d3c4b4fef591e5b3d3a95

Score

10^/10

formbook et persistence rat spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

56e8e3a2d3330298f144767f1ef320fc3ecd1a968d47e8308486018dc224ea00.exe

Resource

win7-20220718-en

formbook et persistence rat spyware stealer suricata trojan

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

56e8e3a2d3330298f144767f1ef320fc3ecd1a968d47e8308486018dc224ea00.exe

Resource

win10v2004-20220721-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

et

Decoy

filmeedt06.com

getbrave.net

tdshome.com

audioteck.net

eplogovi.com

verywedding.net

biqiba.com

learnandunderstand.science

jsgxcxae.com

9aop4k.link

laceycphotography.com

ldbberendsenreading.com

life365coaching.com

ambercampbell.photography

activeliberal.win

tupelocounseling.com

finovice.com

fantatressette.com

sojah.store

qhdljj.com

xiheifa.com

yourbostonrefinance.com

cyqunli.com

columbusvivint.info

foroozanmaqz.com

andipalmer.com

sif.tips

beautagram.com

k2qbed.com

thelovellcompany.com

oldladywithabrush.com

sinasmart.net

anaduquepereira.com

tzhmc.net

kemachine.com

550280.top

evalife.info

marlboro-sports.com

kalayab.download

shaoerjia.com

eatpes.net

immersive-journey.com

maybrooktaxiandlimo.info

studiodennis.com

step-reach.com

ru4dating.com

sdyy168.com

ihatelocates.net

ioce55.com

americatourbus.info

myethervvalett.com

tipshots.com

ggpc-co.com

shakethecow.com

dayfiler.com

wanggh.com

ingenuity.degree

onsitepsy.com

tamarindo.agency

xn--u9j234u82q.com

desert-snow-niigata.com

genericviagraonlinevxp.com

mm3xx.com

3dbusinessmodel.com

aamyz87.info

Targets

- Target
  
  56e8e3a2d3330298f144767f1ef320fc3ecd1a968d47e8308486018dc224ea00
- Size
  
  624KB
- MD5
  
  0c67efeca56fee9e1978a87161db87ad
- SHA1
  
  e54fa09cd9d897b8490de36033488c8c99687f82
- SHA256
  
  56e8e3a2d3330298f144767f1ef320fc3ecd1a968d47e8308486018dc224ea00
- SHA512
  
  3fb9dee3f078c28d8cf5f288a26e136b6a3f7664bec2b33d1f6835c367511a1e0cb1830318461d5003182c7fee3b3c5f64e54769db2d3c4b4fef591e5b3d3a95
Score

10^/10

formbook et persistence rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook payload
  rat
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbooketpersistenceratspywarestealersuricatatrojan

behavioral2

© 2018-2024

Terms | Privacy