formbook | 7fa778a38b6adbec2ed8ca4e50d2971c4f135c1bf3b7c24a9adb8f86d3ad2ec5 | Triage

Sharing

General

Target

SecuriteInfo.com.Trojan.DownloaderNET.345.21626.32453.exe
Size

684KB
Sample

221208-y9jj1abd59
MD5

0379ae001c1c573492d6691c94d2a540
SHA1

f92b3c78bb2170074ae40f92743432ef10d55f06
SHA256

7fa778a38b6adbec2ed8ca4e50d2971c4f135c1bf3b7c24a9adb8f86d3ad2ec5
SHA512

d1137357639c3c55460cde25047a4f9706c5ab6501b996cff0ffc30468d4f534da9433218d0a7a4b1c7c2badaf3e44e786443c0b9543b0cc7868f19d28257658
SSDEEP

12288:Zrl405A0lVmc7QFRj+ppGLVXcw1916s5cIGdbT0POkCU4H011Q+T3l+zj:BplVTE/9KC916s5cIMkCUFqC3wzj

Score

10^/10

formbook 4u5a rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

4u5a

Decoy

Y9HWoINcPu0r7SSSKt4FCmk7

G/E64auYdhRQM4wZW2bcOaY=

bL57APty/StRpW49a+EdxA==

TppryJ0SoslHe8gJFVc=

HXxDShYIEcUJDahdv2nvl5Hlbp4=

EKaq5c6w0nV3WWlEqM4Www==

VM+YjE8XS1OLcH1roYF4zA==

OwK0wxmBGnq2Fg==

B1zy4bulyfY9tj9DK2eIkeYArpTt

Avj5JeA8m9girqfQ4+cZxA==

AOY4dmDFkCdX8HUJMw==

5cQUw3pPMYr07V8=

P7ZsN4/zt63AEw==

FYyVCOpB8Vl//kSkDLPo91Yy

jxwZTBp+5gcsccPxDF+K4bDG2Rpp0A==

iGx9AO58DRhZbXX9

prwVyLkAtlhSU6irmansg8wArpTt

uqa8ZPl+FFObOkdFNg==

tL4OhF22EDaEOkdFNg==

6exH76Z9o7eu/n86vgPE

Targets

- Target
  
  SecuriteInfo.com.Trojan.DownloaderNET.345.21626.32453.exe
- Size
  
  684KB
- MD5
  
  0379ae001c1c573492d6691c94d2a540
- SHA1
  
  f92b3c78bb2170074ae40f92743432ef10d55f06
- SHA256
  
  7fa778a38b6adbec2ed8ca4e50d2971c4f135c1bf3b7c24a9adb8f86d3ad2ec5
- SHA512
  
  d1137357639c3c55460cde25047a4f9706c5ab6501b996cff0ffc30468d4f534da9433218d0a7a4b1c7c2badaf3e44e786443c0b9543b0cc7868f19d28257658
- SSDEEP
  
  12288:Zrl405A0lVmc7QFRj+ppGLVXcw1916s5cIGdbT0POkCU4H011Q+T3l+zj:BplVTE/9KC916s5cIMkCUFqC3wzj
Score

10^/10

formbook 4u5a rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Blocklisted process makes network request
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbook4u5aratspywarestealertrojan

behavioral2

formbook4u5aratspywarestealertrojan