formbook | cbce721b186a5ebb1a2c51249571d8021cc67c019a0cfbc0cef73fd1de48708e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c352208b986b71d83fdc059413c236f0.exe
Size

215KB
Sample

221102-byjdjahbfr
MD5

c352208b986b71d83fdc059413c236f0
SHA1

24e6775ed6e4beb4235cc0604d6627a055aefbc1
SHA256

cbce721b186a5ebb1a2c51249571d8021cc67c019a0cfbc0cef73fd1de48708e
SHA512

0928857e3fcc4addb2787a9bc2ff99f1287e5e8d958d180adf6cb6c619571b54e551e51d1668aa68e3eda1beb3b887dd95b3a4dbad2d933d25d100db8370521a
SSDEEP

6144:qweEpws+7aOJr52ZvqBHtT69I83TEKX6eorwr:bwz71FIAB83TGeoMr

Score

10^/10

formbook b47h persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b47h

Decoy

whistleblow-now.com

14live-msa.one

yenitedarikciniz.xyz

marmargoods.com

full-funs.com

saoraigne.com

noemiaguesthouse.space

datatobe.community

sollight.net

wavestudios.pro

freeorama.com

fasinixiaoribenguizi032.com

mariajaq.com

hyper.vote

aedin.dev

docind.com

zhulinx.com

estairon.best

mlnphotography.art

1948ardithdr.com

Targets

- Target
  
  c352208b986b71d83fdc059413c236f0.exe
- Size
  
  215KB
- MD5
  
  c352208b986b71d83fdc059413c236f0
- SHA1
  
  24e6775ed6e4beb4235cc0604d6627a055aefbc1
- SHA256
  
  cbce721b186a5ebb1a2c51249571d8021cc67c019a0cfbc0cef73fd1de48708e
- SHA512
  
  0928857e3fcc4addb2787a9bc2ff99f1287e5e8d958d180adf6cb6c619571b54e551e51d1668aa68e3eda1beb3b887dd95b3a4dbad2d933d25d100db8370521a
- SSDEEP
  
  6144:qweEpws+7aOJr52ZvqBHtT69I83TEKX6eorwr:bwz71FIAB83TGeoMr
Score

10^/10

formbook b47h persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookb47hpersistenceratspywarestealertrojan

behavioral2

formbookb47hpersistenceratspywarestealertrojan