formbook | 74cb4ffa84249a18ca95cd781bd121a166e2902161a8918d645fa3d6b59032ec | Triage

Sharing

Copy URL Twitter E-mail

General

Target

74cb4ffa84249a18ca95cd781bd121a166e2902161a8918d645fa3d6b59032ec
Size

6KB
Sample

220922-mnb29abca8
MD5

ca997af70e0e7ba134bd85015d945684
SHA1

0d2972cf028063d8086fc6207537d8d1796993b7
SHA256

74cb4ffa84249a18ca95cd781bd121a166e2902161a8918d645fa3d6b59032ec
SHA512

836c667aba467655a52a1c13f6d8a4eff844af3aedb115dea2a77244d9294cf605d7030ffc9d30e200c5010251aa78cbe8e5265daebee8c4a0cd107ff3253fc9
SSDEEP

96:Y9B4W3rc9NCOsyO/jaUF/o1QtlyJrVY7F/CFnU:Y973rUCOFCjXIQS4F/H

Score

10^/10

formbook te2r persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

te2r

Decoy

Fd9/7zupFcFsmNMDWQ==

7VlRReDWtbu4LUTd5fNe/zPDyw==

jQgurOY8oCSzrjSP+2/F1jU=

xTMzpNwUaiHAy4+Anaz1

RcLapxVS9iOZhw==

lfLSnVItJp+5ImXLvcrLFTUXRmDxTnik

vj9fMOxFLjrOtdhP1GZo0KXIQ388

/91mgBbtxFIxtQk=

4FZ0aRyH/rEdFibAy+VjQyWIUIZaHBQ=

ScHdt3/t4FIxtQk=

/M9svqdL9iOZhw==

iFX1abANxkj893bVWA==

KzjvVANMpiTBmg==

aEKKEue7E9JtmNMDWQ==

+Mdhw6992svnUbzeo5y0zSn+B2co

albc98wrE0xtKjOoOOQ=

DV6CgU6omcjeZ6bJEG/F1jU=

NH981rm1JdyUNRd1

yi0xIqrxV83bmNMDWQ==

v8l52aXp4VIxtQk=

Targets

- Target
  
  74cb4ffa84249a18ca95cd781bd121a166e2902161a8918d645fa3d6b59032ec
- Size
  
  6KB
- MD5
  
  ca997af70e0e7ba134bd85015d945684
- SHA1
  
  0d2972cf028063d8086fc6207537d8d1796993b7
- SHA256
  
  74cb4ffa84249a18ca95cd781bd121a166e2902161a8918d645fa3d6b59032ec
- SHA512
  
  836c667aba467655a52a1c13f6d8a4eff844af3aedb115dea2a77244d9294cf605d7030ffc9d30e200c5010251aa78cbe8e5265daebee8c4a0cd107ff3253fc9
- SSDEEP
  
  96:Y9B4W3rc9NCOsyO/jaUF/o1QtlyJrVY7F/CFnU:Y973rUCOFCjXIQS4F/H
Score

10^/10

formbook te2r persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookte2rpersistenceratspywarestealertrojan