formbook | 878b17fea5a31ad0ce61021cacba5be79f2130fa08165b768196a87eae4e6be9 | Triage

Sharing

General

Target

878b17fea5a31ad0ce61021cacba5be79f2130fa08165b768196a87eae4e6be9.exe
Size

52KB
Sample

230207-lbx9aadh9y
MD5

207fdcecc4c844004d064f7f7d25fb0f
SHA1

4a1b05f7cd8b3ba7c82f48ca8aeb10b264369c4c
SHA256

878b17fea5a31ad0ce61021cacba5be79f2130fa08165b768196a87eae4e6be9
SHA512

739ce29e9cf6d5cb25e22841bb28d0e0d825c452df49f3b15e9a0b2d275150f88da198566b540fc3d40c089cbd0dcd077f79620e4a2c2d1f7d9e13a5cb46499d
SSDEEP

768:EyH64NqpyLvO3klekO2Pco2YQ78QTEB6SrZdP545gkRUnqkAmZbI:w5pyLvLy2awvsSVBqukeqxEI

Score

10^/10

formbook scse rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

scse

Decoy

SKpYFyVNT2zunKf0uuM=

FlEHUseI7I5XbrO8fR/XBcS9ZA==

FPuxoUOxkLiATugw

VKdxsDSk0jdT5Kw=

FpqHf9iI/1tl97E=

YGI6sIl3UIxfZvlD+JiUuuLR

oBAEO0suBEAD5aK00A==

RKJqTzg4gQ/Q6DYSuTjDGkwuyl0ik5Kb8w==

VFg9s3W0/Ype8A3cZb+D7g==

hwD+VNd6014nrsaTWm4FBcS9ZA==

zkAdUq1soKYUfZaTqLmL

XVQ9WbRivUIQ477a/hKv+g==

QireF2geizAwmp674AGc5g==

PSTUQxs6j8OATugw

LHJhyy2VbX8NEqf0uuM=

MiY1vg6T3HqATugw

wqkUjaVXnGgBqA==

jUr/eUtSIT01Wegt

PjQidcqKzAbSZICUZb+D7g==

OkAmcv12sUEAIHwFHakzdIo2FPHw

Targets

- Target
  
  878b17fea5a31ad0ce61021cacba5be79f2130fa08165b768196a87eae4e6be9.exe
- Size
  
  52KB
- MD5
  
  207fdcecc4c844004d064f7f7d25fb0f
- SHA1
  
  4a1b05f7cd8b3ba7c82f48ca8aeb10b264369c4c
- SHA256
  
  878b17fea5a31ad0ce61021cacba5be79f2130fa08165b768196a87eae4e6be9
- SHA512
  
  739ce29e9cf6d5cb25e22841bb28d0e0d825c452df49f3b15e9a0b2d275150f88da198566b540fc3d40c089cbd0dcd077f79620e4a2c2d1f7d9e13a5cb46499d
- SSDEEP
  
  768:EyH64NqpyLvO3klekO2Pco2YQ78QTEB6SrZdP545gkRUnqkAmZbI:w5pyLvLy2awvsSVBqukeqxEI
Score

10^/10

formbook scse rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Blocklisted process makes network request
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookscseratspywarestealertrojan

behavioral2

formbookscseratspywarestealertrojan