formbook | 92def0a070b0a1a1aa3c2b1ae43b197906d69a87014636106f1614e496a45c37 | Triage

Sharing

General

Target

92def0a070b0a1a1aa3c2b1ae43b197906d69a87014636106f1614e496a45c37
Size

316KB
Sample

221121-ltr5zshc6x
MD5

3aa0e6e99975a48bcec1d2baf1f7bd36
SHA1

5e49f0fc1f352b896305996dad3c05d8c2e69b21
SHA256

92def0a070b0a1a1aa3c2b1ae43b197906d69a87014636106f1614e496a45c37
SHA512

51cfb187147f55699e23e916c98a0bfe129e458ed275ca3ed90efee6bcf922c87d27ed7ed0fb23be7406a8a1a8efa872a1694c5cf379ac95138ff99306cedf20
SSDEEP

6144:HT5V3EklozCalSsWJrzt8ZGEl9BzSPiQ9oRnmU+qJ8gCIMh:HT5V0XCtsyeZHh2PiQ9o/+qJ8gCIMh

Score

10^/10

formbook tu7g rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

tu7g

Decoy

fbbktzFKN8MB1h8=

FPidEXGfkl0WqgXoVhHehw==

iHEjIL7XwJdpN6Er4Evhu03o

fHQTMsjqD3cPpQ==

VDXmCsr22oYhshz/Fg305nF21Q==

j4ZHfk5rRf6tVtwbMRU=

AORqAXKWy4R+//VwFdB6VVk=

9PW0Yw9RkIfer5+/bum7nlxwy1QfDQ==

ZU8mUjRgSOn3d0eFD3puQgVpnaAj

nlHgT2aJaMMB1h8=

+qc6XcgwdjVsEgKQ2zT+

/gCHJbBZrWjx1OZN40Hhu03o

48dX+WeLWAjFZMR2lItP8bJ87X4=

+N6H9VVzix7uogI=

Jf/NAPQe+8we7uftVhHehw==

YmANk8T+ix7uogI=

GTKxpLAYsJTl

pT8FM/QacYAV/+VInxn0

8JAnF9PnyZA29xH3Iw==

8ZdFPhCvGxYBxRCTqtB6VVk=

Targets

- Target
  
  92def0a070b0a1a1aa3c2b1ae43b197906d69a87014636106f1614e496a45c37
- Size
  
  316KB
- MD5
  
  3aa0e6e99975a48bcec1d2baf1f7bd36
- SHA1
  
  5e49f0fc1f352b896305996dad3c05d8c2e69b21
- SHA256
  
  92def0a070b0a1a1aa3c2b1ae43b197906d69a87014636106f1614e496a45c37
- SHA512
  
  51cfb187147f55699e23e916c98a0bfe129e458ed275ca3ed90efee6bcf922c87d27ed7ed0fb23be7406a8a1a8efa872a1694c5cf379ac95138ff99306cedf20
- SSDEEP
  
  6144:HT5V3EklozCalSsWJrzt8ZGEl9BzSPiQ9oRnmU+qJ8gCIMh:HT5V0XCtsyeZHh2PiQ9o/+qJ8gCIMh
Score

10^/10

formbook tu7g rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Blocklisted process makes network request
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooktu7gratspywarestealertrojan