formbook | 1734985df87235e747cf465d2d8d192f609275a7193a723764c8654b47357083 | Triage

Sharing

General

Target

SecuriteInfo.com.Trojan.DownloaderNET.345.13381.27886.exe
Size

673KB
Sample

221205-cykr2agf37
MD5

e7ac037813e0f4fa8d32974a542a2d08
SHA1

093356469b8932c6168e43d427127d7ed5b56af4
SHA256

1734985df87235e747cf465d2d8d192f609275a7193a723764c8654b47357083
SHA512

e0fe51b1c332d763318cfcb486280d6c7af34486d01dbec9b8b994bf7a69270194ad243299f01788f5781ae5fbe99575dc89bd126d90abac27c186efee14ee33
SSDEEP

12288:xZNfbYhbXbqhf/groDmU2md5mq6yCCDEa4RUOyV0eeoWtO6TGhAh:HNfqbXbqhf/ioDmXgmq6yYaAgOeeoWt/

Score

10^/10

formbook ctap rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

ctap

Decoy

7fuiHU5O7pBugItrXtDlRbQzVNAypQ==

Ioe4Ezkvrkk5SljtGsXC

7SdYmzWqxYzoB10eYg==

87z12VKpqmy0nXHtGsXC

frPRoZR38nhTXl/tGsXC

JybcU3xwAWn21yEPd4XnKA==

B6LTKeV3SeQZAg==

9iFOJSEVtE+I6ea4tn6M72ANGm3K

bROuHdVCVl63QIZuI2etey+ugP0=

25FDh/Be3fhaReK+BwZm9aY+og==

ipYbazKawI7oB10eYg==

Y3ONgI2GHcStmm5WhEZCsE/GlNJovg==

NMjp1U2zzpPoB10eYg==

ZZOygHxoGkBxNTz1RnI=

Hy1dkswBcyQh

94qXZbB1+8ciD4Q=

JUhyQ8Fxl+4gBA==

7wuj4eTJFutgR7+k1R8mIA==

Nj3QJ1RBulY2AMS/1R8mIA==

LjFXk8zI5vgdq8N6ropiNA==

Targets

- Target
  
  SecuriteInfo.com.Trojan.DownloaderNET.345.13381.27886.exe
- Size
  
  673KB
- MD5
  
  e7ac037813e0f4fa8d32974a542a2d08
- SHA1
  
  093356469b8932c6168e43d427127d7ed5b56af4
- SHA256
  
  1734985df87235e747cf465d2d8d192f609275a7193a723764c8654b47357083
- SHA512
  
  e0fe51b1c332d763318cfcb486280d6c7af34486d01dbec9b8b994bf7a69270194ad243299f01788f5781ae5fbe99575dc89bd126d90abac27c186efee14ee33
- SSDEEP
  
  12288:xZNfbYhbXbqhf/groDmU2md5mq6yCCDEa4RUOyV0eeoWtO6TGhAh:HNfqbXbqhf/ioDmXgmq6yYaAgOeeoWt/
Score

10^/10

formbook ctap rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Blocklisted process makes network request
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookctapratspywarestealertrojan

behavioral2

formbookctapratspywarestealertrojan