formbook | ce27c0a745f19a11fba15ad2dc58082f43f937887271561a59d832bf734babdc | Triage

Sharing

General

Target

7dea919335b7415145dcb694bac5f9eb_JaffaCakes118
Size

1020KB
Sample

240528-ww7csseg4x
MD5

7dea919335b7415145dcb694bac5f9eb
SHA1

91271d5025da4c67a45418d84237aa09bfef6c4a
SHA256

ce27c0a745f19a11fba15ad2dc58082f43f937887271561a59d832bf734babdc
SHA512

bef8688eb6ca0e1c2543e4897bb7cbafed6b08a2e92b0c19c358fe3b269fd4910c57d9654ce4ad8c4a9a773910af43c70b15da44aba9ea4eb2581bdd1529ceb5
SSDEEP

12288:2Q/FDJIvvde9nJYxDJIvvde9nJYq/qqg7jE3KScuJVGd8X4Tds:zIv0nJYDIv0nJYquQ3KmPGaX4Js

Score

10^/10

formbook ggb persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ggb

Decoy

meanwhileinselkirk.com

maxrho.com

175bb4.com

suzuki125.win

cyzj168.com

autosafeshield.com

ancamine.com

popdshop.com

weightday.com

liftoffresponder.com

mygreatzimbabwe.com

servizintegratisrls.com

xn--cckaav6fb9onfzf2c.tech

loanrates.online

trusthub.biz

meitaodaren.com

disney-vacation-hotels.com

6u58.com

naplesmeetsnewyork.com

dafa140.com

Targets

- Target
  
  7dea919335b7415145dcb694bac5f9eb_JaffaCakes118
- Size
  
  1020KB
- MD5
  
  7dea919335b7415145dcb694bac5f9eb
- SHA1
  
  91271d5025da4c67a45418d84237aa09bfef6c4a
- SHA256
  
  ce27c0a745f19a11fba15ad2dc58082f43f937887271561a59d832bf734babdc
- SHA512
  
  bef8688eb6ca0e1c2543e4897bb7cbafed6b08a2e92b0c19c358fe3b269fd4910c57d9654ce4ad8c4a9a773910af43c70b15da44aba9ea4eb2581bdd1529ceb5
- SSDEEP
  
  12288:2Q/FDJIvvde9nJYxDJIvvde9nJYq/qqg7jE3KScuJVGd8X4Tds:zIv0nJYDIv0nJYquQ3KmPGaX4Js
Score

10^/10

formbook ggb rat spyware stealer trojan persistence
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookggbratspywarestealertrojan

behavioral2

formbookggbpersistenceratspywarestealertrojan