formbook | d2ddd2a690b9ae6bc3698ff1dea0043c1c39d3edf33f908c213f24183070a227 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d2ddd2a690b9ae6bc3698ff1dea0043c1c39d3edf33f908c213f24183070a227
Size

414KB
Sample

221101-eq156afhc3
MD5

84dc0052c87e014ac98430cc8212861f
SHA1

64e47eb33423129192e0779926e0e7bdd6ee95e9
SHA256

d2ddd2a690b9ae6bc3698ff1dea0043c1c39d3edf33f908c213f24183070a227
SHA512

cfa50180f6dcc4ade77766dab44988f0f94331f0ba61764f515423a2fbdc927ec51fd3f8e158e646e8993231f1e6deaa81bfd56b270638999ed52ef33a2d6391
SSDEEP

6144:+EJ5HHF0GxXkBOteaMnY/qZ9XwfqQMhRvmi/xZEm/5JmUc7bNLYYnUuIHB:+4kEt1JiZBqqQapxZEUaUGpUp

Score

10^/10

formbook ubpr persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

ubpr

Decoy

ptpVli2do9q89N0=

+CSLnNslIIErRTE3deUw4HXnuqwqG4+WpQ==

5IBw+rDmyajH6J9b0Gc0

ITivu/UzzGQKCQ==

qNw+VJ7Ni+WT3pA2e/8=

6VzmXNT+607aCN1UmHCt1CjO

a+xfszZjSqdZhCfX5fXnJkJFIsuN8Ns=

DLyp4MD0xUCL6olI

kysKo0J45suL6olI

oE/eN+zqkP2lyG6YYSalUA==

Rko77gUFcKTQFA==

cW14AsnTkUOf0N6ODWjpj7S6nRI=

M9yx/sTJbmx2vzUeWQ==

SQJdWnStlfaz6J0M04r3MN8=

FLhBiiYfyjfZFOdgHU1SfmVhAGgV

nKgaME1YHRs+cHTkn4oI3ibO

vuZIRIyKMaBGiUl9iaiZxNc=

UPnZdBQV1nzxKB1N

iARlleEZxTSL6olI

w5hz+KfftpWkwox0yH7vo0GrwW7RjWVk

Targets

- Target
  
  d2ddd2a690b9ae6bc3698ff1dea0043c1c39d3edf33f908c213f24183070a227
- Size
  
  414KB
- MD5
  
  84dc0052c87e014ac98430cc8212861f
- SHA1
  
  64e47eb33423129192e0779926e0e7bdd6ee95e9
- SHA256
  
  d2ddd2a690b9ae6bc3698ff1dea0043c1c39d3edf33f908c213f24183070a227
- SHA512
  
  cfa50180f6dcc4ade77766dab44988f0f94331f0ba61764f515423a2fbdc927ec51fd3f8e158e646e8993231f1e6deaa81bfd56b270638999ed52ef33a2d6391
- SSDEEP
  
  6144:+EJ5HHF0GxXkBOteaMnY/qZ9XwfqQMhRvmi/xZEm/5JmUc7bNLYYnUuIHB:+4kEt1JiZBqqQapxZEUaUGpUp
Score

10^/10

formbook ubpr persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookubprpersistenceratspywarestealertrojan