formbook | fe199e437de02d997427dfea4e864f386e12887c5ae16d2acc465417cd539521 | Triage

Sharing

General

Target

BNK0002334789532_USD28,770.00.exe
Size

637KB
Sample

221203-17x1qaec5y
MD5

d7efd600d714d6d2f6b7fadc6adec0c9
SHA1

ba35f96a741637af1d1319074396f1bf891f13e1
SHA256

fe199e437de02d997427dfea4e864f386e12887c5ae16d2acc465417cd539521
SHA512

f4e1558763fb4527ca464c7a7f8a533e4fa0d4725e97c956b83acd2ef503a056930526c6e1eeb28263d9e6bbc820be2fc110548e0ef8cd28dc003cfccfda8f18
SSDEEP

12288:90zcBpbKbfzdHP/FvT9mzyK8DzVlCxlASlDAMTQu1c66XZp+:9hbbKnlJRKyKUBExjjcp

Score

10^/10

formbook uxpe rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

uxpe

Decoy

a/CzoooH+7KLDxBh

pxq/4D9rqoY0CaqhS2ZJ3MoWxcQ=

54a97EJkYRruxKJBfg==

afibyRo7bSK3cepm9suqXQ==

2kIxy7hmdVItO11ceeC9

DsTkiAgZVGD7jykdq/ZFa8oWxcQ=

euyGFrS1t1r0xKJBfg==

ANUDttiRvXoVxcknM8L7cgli

vIWhu8Bb36VDR+udD2O2cn8=

CqdCYLyzwb5fWRlX5kY=

cis/39CB6vGMg5OqTrUoWvz177Fk

tl6GKyac14QX

HMzbyJUrUh3Ao80fOcr7cgli

7yKNGCGy57KLDxBh

hlormOKMBCD8uyrMw9QkUg==

3r/fZtwBUey8xw==

vlyJEwWudUHi2g==

214r37lXtmpLQWC0snrI5gjDdR0mPOKnDA==

YS1hgtPl0lz0xKJBfg==

3pa6XND7NgJ4Y3uxqO0nPnY=

Targets

- Target
  
  BNK0002334789532_USD28,770.00.exe
- Size
  
  637KB
- MD5
  
  d7efd600d714d6d2f6b7fadc6adec0c9
- SHA1
  
  ba35f96a741637af1d1319074396f1bf891f13e1
- SHA256
  
  fe199e437de02d997427dfea4e864f386e12887c5ae16d2acc465417cd539521
- SHA512
  
  f4e1558763fb4527ca464c7a7f8a533e4fa0d4725e97c956b83acd2ef503a056930526c6e1eeb28263d9e6bbc820be2fc110548e0ef8cd28dc003cfccfda8f18
- SSDEEP
  
  12288:90zcBpbKbfzdHP/FvT9mzyK8DzVlCxlASlDAMTQu1c66XZp+:9hbbKnlJRKyKUBExjjcp
Score

10^/10

formbook uxpe rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Blocklisted process makes network request
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookuxperatspywarestealertrojan

behavioral2

formbookuxperatspywarestealertrojan