formbook | 01e091955a83ba50c3b6324a89c6007d77798134465e1189cc3259906785262b | Triage

Sharing

General

Target

01e091955a83ba50c3b6324a89c6007d77798134465e1189cc3259906785262b.exe
Size

1.2MB
Sample

240522-r1eq5aef7y
MD5

ae2709b53bbe59af6094b3721d2e43e4
SHA1

85dd2c7acf90d25e656598d30008bc77f3d4a60b
SHA256

01e091955a83ba50c3b6324a89c6007d77798134465e1189cc3259906785262b
SHA512

9c62a99a932e173939614c638d524ce33ee68b5985eda8e9737f07584a8c9f40c8b13b42b206d6a221092bdd2aa39a5ab3860a3ca6a877282578e2bf587d124b
SSDEEP

24576:LiTAD3InHT6elgPzH6s5K4Z3LpNnp+JNwIl7TaTpCGCcYjb:LeM3LjgTv5T09nYjb

Score

10^/10

formbook gy14 persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gy14

Decoy

mavbam.com

theanhedonia.com

budgetnurseries.com

buflitr.com

alqamarhotel.com

2660348.top

123bu6.shop

v72999.com

yzyz841.xyz

247fracing.com

naples.beauty

twinklethrive.com

loscaseros.com

creditspisatylegko.site

sgyy3ej2dgwesb5.com

ufocafe.net

techn9nehollywoodundead.com

truedatalab.com

alterdpxlmarketing.com

harborspringsfire.com

Targets

- Target
  
  01e091955a83ba50c3b6324a89c6007d77798134465e1189cc3259906785262b.exe
- Size
  
  1.2MB
- MD5
  
  ae2709b53bbe59af6094b3721d2e43e4
- SHA1
  
  85dd2c7acf90d25e656598d30008bc77f3d4a60b
- SHA256
  
  01e091955a83ba50c3b6324a89c6007d77798134465e1189cc3259906785262b
- SHA512
  
  9c62a99a932e173939614c638d524ce33ee68b5985eda8e9737f07584a8c9f40c8b13b42b206d6a221092bdd2aa39a5ab3860a3ca6a877282578e2bf587d124b
- SSDEEP
  
  24576:LiTAD3InHT6elgPzH6s5K4Z3LpNnp+JNwIl7TaTpCGCcYjb:LeM3LjgTv5T09nYjb
Score

10^/10

formbook gy14 persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Adds policy Run key to start application
  persistence
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

formbookgy14persistenceratspywarestealertrojan

behavioral2

formbookgy14ratspywarestealertrojan