formbook | ee8472c23be3d80594d5f4a12f2dd6140b5996cc8220fd3befe62391def68038 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

mkpub_ET2321000550.zip
Size

324KB
Sample

231003-vagpksdg5v
MD5

00a8e19caa00d45915b2068bc75711c0
SHA1

0e5f00c645d8b83cf8367e54d8597bc7de46867f
SHA256

ee8472c23be3d80594d5f4a12f2dd6140b5996cc8220fd3befe62391def68038
SHA512

e46b093feee4b2fed719eabf1b1d19bd837d8a1184d820bbdf27bf1a22a1cd9e9931a43f6cd41ea23252295b5955ad8b46bd10ab2bba49411827974384f2f64c
SSDEEP

6144:UH0dTF9hw1R8jxWzNoQKGGz5rELCmwptGmwx6uxBCrmdcIPiMyRApgvpJg/:UH0xhwb5zNoQKGGNrELLwWj6NcKMyRDq

Score

10^/10

formbook ge58 persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ge58

Decoy

squibbs10year.com

merchallqualitystorecenter.com

avylw.com

chubbysamericangrill.com

passionforfashionbyshivani.com

bergfors.email

hearing-tests-30868.bond

seattleaminals.net

gbxibeb.com

mhbalancenow.com

goliathhomesgroup.com

paradigmayazilim.com

esgaspol.com

qzoneqyt.shop

aieibook.com

best-rudderstack.life

cpd888.com

231564515.top

fairytailfigures.online

smartmarketadmin.com

Targets

- Target
  
  ET2321000550.exe
- Size
  
  338KB
- MD5
  
  d4ca2be4fd05ff8e64a606443144b0ee
- SHA1
  
  99070557e40ee161ec1468ae147f601e1073994d
- SHA256
  
  731884023aba6003836d2d19d064cb991b9e9cfe3c494fdb708ad30d32c4857b
- SHA512
  
  ae782f37a2b39c3f86b83cdcf423e954627567b0aa163666014cee30b8ef08f5f5828806d7e31cfa09f0e4e08dcf7d90e6b053d19a7e8238c1e5db4715aa7e2b
- SSDEEP
  
  6144:BnPdudwDsdEB9hw1R8pxWtNoYKGGzlBELCuwprGu+x6YxBCrmDcIPieyZApSvpaZ:BnPdwdAhwXhtNoYKGGhBELhwQX6DAKel
Score

10^/10

formbook ge58 persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookge58persistenceratspywarestealertrojan

behavioral2

formbookge58persistenceratspywarestealertrojan