formbook | fb9ff8cbde506cb2cfdb40e88fe3fd6877a2e9945a71f07c7252647271763e71 | Triage

Resubmissions

30/12/2022, 03:53

221230-efty4aab7y 10

29/12/2022, 16:16

221229-tqsaksdd99 10

Sharing

General

Target

fb9ff8cbde506cb2cfdb40e88fe3fd6877a2e9945a71f07c7252647271763e71.exe
Size

840KB
Sample

221229-tqsaksdd99
MD5

837fd128d246ccb07647515dd273f4f9
SHA1

8fa22f3f426216aa7f1301d127582aa7434c9d4b
SHA256

fb9ff8cbde506cb2cfdb40e88fe3fd6877a2e9945a71f07c7252647271763e71
SHA512

19f668b337f08ce16e831fe811876edf632d9e5c06b3d311bd9c7057c480fbe3ba2fc1c9d446cba4b755d375dff7bdbcd80224223b79204ce7324de19fd665c1
SSDEEP

12288:UZ/fiJLRc2evo2Ursov0KT4zHsyYgH/PT134slbbHl2qPVGNbTuMuKBD7hpvA/N:JAo/s7HsynTB4ATST0sDdIN

Score

10^/10

formbook et2d rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

et2d

Decoy

wcaconline.com

travelbackpackss.com

ao-m-nishinomiya.com

tilania.com

vegbydesign.net

mybabysisterscloset.com

sanctitude-cuspidated.com

russtybeats.com

dichvubangchuan.com

su-seikatu.info

eratosantorini.com

ninetofivemama.com

delishany.com

pawchamamapet.net

nissicloud.com

strictlyotaku.net

kissmanga.pro

appalachianfx.com

aralending.com

forbrighterlife.com

Targets

- Target
  
  fb9ff8cbde506cb2cfdb40e88fe3fd6877a2e9945a71f07c7252647271763e71.exe
- Size
  
  840KB
- MD5
  
  837fd128d246ccb07647515dd273f4f9
- SHA1
  
  8fa22f3f426216aa7f1301d127582aa7434c9d4b
- SHA256
  
  fb9ff8cbde506cb2cfdb40e88fe3fd6877a2e9945a71f07c7252647271763e71
- SHA512
  
  19f668b337f08ce16e831fe811876edf632d9e5c06b3d311bd9c7057c480fbe3ba2fc1c9d446cba4b755d375dff7bdbcd80224223b79204ce7324de19fd665c1
- SSDEEP
  
  12288:UZ/fiJLRc2evo2Ursov0KT4zHsyYgH/PT134slbbHl2qPVGNbTuMuKBD7hpvA/N:JAo/s7HsynTB4ATST0sDdIN
Score

10^/10

formbook et2d rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooket2dratspywarestealertrojan