formbook | 30cf6019932ac33f1a53c417f1d562dd0ee0ef1588500962c6edafec3a340a32 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

EJ9wbX3RFyX19aq.exe
Size

617KB
Sample

240220-hx9yesdb31
MD5

954d05f0c308722129f2e4a26554758b
SHA1

01ad78f156adbf8ff6560f74ebcbed1f2ef06eed
SHA256

30cf6019932ac33f1a53c417f1d562dd0ee0ef1588500962c6edafec3a340a32
SHA512

fbe992522f152bed50c44ccbcd38a371a999fbf55b0d2222aaa1eba9649177ebe19e9c4455940bcbc15f81e4f1b999b3fbe4a31842954cbd1e4820c3566b540c
SSDEEP

12288:FgMPFA1uqHYB2LgxAcMKa+9Z/BLomCss5WycZ7UtKoH99ZBzPV707kNnduHEBw7G:60FAMqHYB2LiA+ZlomSwyc9oH3ZBbmYp

Score

10^/10

formbook cz30 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cz30

Decoy

valeriepuma.com

rentyourbag.com

unglesbyessure.com

ahzmjy.site

taazdelights.online

conexoesnews.com

istprimeway.com

elwf4tlu.shop

661.support

fournaisehk.com

glechiu.xyz

2r2pv2.shop

902523.rip

bruggicapy.com

westmobileautodeatailers.online

muaad.co

gridxsens.com

victoronedesigns.com

tecexpressbr.com

crea4net.com

Targets

- Target
  
  EJ9wbX3RFyX19aq.exe
- Size
  
  617KB
- MD5
  
  954d05f0c308722129f2e4a26554758b
- SHA1
  
  01ad78f156adbf8ff6560f74ebcbed1f2ef06eed
- SHA256
  
  30cf6019932ac33f1a53c417f1d562dd0ee0ef1588500962c6edafec3a340a32
- SHA512
  
  fbe992522f152bed50c44ccbcd38a371a999fbf55b0d2222aaa1eba9649177ebe19e9c4455940bcbc15f81e4f1b999b3fbe4a31842954cbd1e4820c3566b540c
- SSDEEP
  
  12288:FgMPFA1uqHYB2LgxAcMKa+9Z/BLomCss5WycZ7UtKoH99ZBzPV707kNnduHEBw7G:60FAMqHYB2LiA+ZlomSwyc9oH3ZBbmYp
Score

10^/10

formbook cz30 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookcz30ratspywarestealertrojan

behavioral2

formbookcz30ratspywarestealertrojan