formbook | 55ca03b4f0a73d8c2fb54ded501c1b537d70cd7dd7b11bc6760d0180afcea5e3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

20184887cc360cee738b358dd896d315.exe
Size

24KB
Sample

230802-v9en9shd8s
MD5

20184887cc360cee738b358dd896d315
SHA1

2e2cde781bef22778afe217ae92268b112e21196
SHA256

55ca03b4f0a73d8c2fb54ded501c1b537d70cd7dd7b11bc6760d0180afcea5e3
SHA512

c9e7b18872121a49908117f96a122b0ca420bef1fe6fa9701eeb8aebe872f97abf04396ae224acf8ec29b2bdc9e7bddfa7d72722df79f227eefff650d4a1da2a
SSDEEP

384:9xg8LhcvtTqguhLZxKsNKdEPpcclXmFr0kA1GMIvP3wxffH:9xg8LSvt+lhLXKm5PGIXW5nW

Score

10^/10

formbook bi62 persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bi62

Decoy

matchey.xyz

llrj17771.sbs

sdjunqiang.com

gfowpsux.click

onsitecomputers.net

dotrefdesk.com

ciayo113.click

assetpanea.com

tiendatodoonline.shop

izzicasinoofficialsite4.win

associacioadfrurals.cat

flyhoneybeefly.com

szsh56.com

bundlefabricate.top

xiaohanghang132.sbs

moke.zip

iebs7h.xyz

8965656.vip

lojassnobcalcados.com

bonnetwear.com

Targets

- Target
  
  20184887cc360cee738b358dd896d315.exe
- Size
  
  24KB
- MD5
  
  20184887cc360cee738b358dd896d315
- SHA1
  
  2e2cde781bef22778afe217ae92268b112e21196
- SHA256
  
  55ca03b4f0a73d8c2fb54ded501c1b537d70cd7dd7b11bc6760d0180afcea5e3
- SHA512
  
  c9e7b18872121a49908117f96a122b0ca420bef1fe6fa9701eeb8aebe872f97abf04396ae224acf8ec29b2bdc9e7bddfa7d72722df79f227eefff650d4a1da2a
- SSDEEP
  
  384:9xg8LhcvtTqguhLZxKsNKdEPpcclXmFr0kA1GMIvP3wxffH:9xg8LSvt+lhLXKm5PGIXW5nW
Score

10^/10

formbook bi62 persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

formbookbi62persistenceratspywarestealertrojan