formbook | 4a766df7df844e26bf42bb4018b1aec0877baf3c20d6af7079aa0c2893977b2f | Triage

Submit
Reports

Overview

overview

Static

static

5

Details of...24.exe

windows7-x64

Details of...24.exe

windows10-2004-x64

Sharing

General

Target

Details of Your Etisalat Summary Bill for the Month of May-2024.zip
Size

620KB
Sample

240528-hy758aad61
MD5

7234662c06842b61dbed887447abbcdc
SHA1

1cffc92a5dd903c734073c2cc73bd9d774d56ef0
SHA256

4a766df7df844e26bf42bb4018b1aec0877baf3c20d6af7079aa0c2893977b2f
SHA512

cb4c3baf28b4a65e7a56b83e6d45b862b90eeea58c9e68be5ec72066cb856266c1e6f1cc88fd3b81a5e83964a4f98501382a77f57e4e886cad5c38b7c0b02367
SSDEEP

12288:MrvGqm2LZ4HRnzH4Nlu3hFeEEkRf6coz4ez2uibq5B7nKQa2o:MbG6IzGQ3GEwcoz4eqq5B7Kyo

Score

10^/10

formbook da29 persistence rat spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Details of Your Etisalat Summary Bill for the Month of May-2024.exe

Resource

win7-20240215-en

formbook da29 persistence rat spyware stealer trojan

windows7-x64

12 signatures

1200 seconds

Behavioral task

behavioral2

Sample

Details of Your Etisalat Summary Bill for the Month of May-2024.exe

Resource

win10v2004-20240426-en

formbook da29 rat spyware stealer trojan

windows10-2004-x64

12 signatures

1200 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

da29

Decoy

kas-travel.com

hy1618.net

biosrch.com

sharvellestudio.com

56416.ooo

953700958.com

500051.com

clic.coach

veriosg.xyz

aptsafety.com

cucinaconestilo.com

sercettopper.com

diycoldplungetub.com

hostingopinion.com

mediatechnologysolutions.com

nodogwifnohat.com

ethpiee.com

tragaperrasbares.com

bbbcf.top

jtxu6.top

sorgulama95.shop

myconc.pro

okb-ar.net

thanhdoanacademy.com

rlyadventures.com

maestrolipari.com

digitaluxsolution.com

zituahmed.com

h5yfdgtg.top

whalesnorkelingmirissa.online

indxriim-firsaxtllari.com

fopoliswhlvtjv.top

iransarafan.com

usedata.monster

mnasjdqw66775jqwe09qwjsqwx.vip

aphropay.com

myfreedomlyfe.com

vytennow.com

micheleditrana.com

babycarrot.fun

maltepede.site

618dfyy21.com

flickzbiz.fun

sshihi.top

xsports108.com

ideiastransformadoras.com

aerotyneholdings.com

expandyourbusinessdigital.com

crown777login.com

wheepexpress.com

openshiftstore.com

xzdkzsaczp.xyz

cycmedb.com

9sh3j02g8j.com

cemeku.sydney

functionalfossils.com

kenguru.ink

classicsty.com

directadz.com

scuffedwrapz.com

oxmoz.art

rusticstores.com

vietcadao.com

ai-infinite.net

1wxir.com

Targets

- Target
  
  Details of Your Etisalat Summary Bill for the Month of May-2024.exe
- Size
  
  1.0MB
- MD5
  
  5cbe85014bd3a467c5d877780b4fd2c0
- SHA1
  
  88153e1c9f0832e4cb30ed0e0eb013bb229fe1bc
- SHA256
  
  134202829433d1fb9262976ef7da28a971f219eff5acafdf294fd4425e102981
- SHA512
  
  e62b634e7c1d20c1860b2e11db886fc382d082a75bc1613e922904baf6c7dc655ed6b6ea40b2a4269785195a1b296e4dd20e11e3d1079ff848c021ffc9c8b276
- SSDEEP
  
  24576:7AHnh+eWsN3skA4RV1Hom2KXMmHaVXxRz4mmq5B/K3Zi5:Wh+ZkldoPK8YaVhR8mmqHS+
Score

10^/10

formbook da29 persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Adds policy Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookda29persistenceratspywarestealertrojan

behavioral2

formbookda29ratspywarestealertrojan

© 2018-2024

Terms | Privacy