formbook | ea8636131cfb69ab935f05201fe8c285b53ccd379928825386b015ae7bb43809 | Triage

Sharing

General

Target

2.exe
Size

36KB
Sample

240606-kvmq8ada74
MD5

c2a39ff0162982b5b32cd40095681c40
SHA1

14a7a60b9dc574b066ea39f59d72711dab9639c0
SHA256

ea8636131cfb69ab935f05201fe8c285b53ccd379928825386b015ae7bb43809
SHA512

3452c2dfa51691cc5da766542630a87c6e68cf93e5094981ab8905f7696e0c3c45acbf8f4a09b4410a3d5848d29d00b431b4b904472d7dbd1ed63478404172a2
SSDEEP

768:pCpjO4tnumCBsT15CBHCrUCoTtBDtCYPB0t0/qigiltBN:OvnmCxXiltv

Score

10^/10

formbook btrd persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

btrd

Decoy

everslane.com

prairieviewelectric.online

dszvhgd.com

papamuch.com

8129k.vip

jeffreestar.gold

bestguestrentals.com

nvzhuang1.net

anangtoto.com

yxfgor.top

practicalpoppers.com

thebestanglephotography.online

koormm.top

criika.net

audioflow.online

380747.net

jiuguanwang.net

bloxequities.com

v321c.com

sugar.monster

Targets

- Target
  
  2.exe
- Size
  
  36KB
- MD5
  
  c2a39ff0162982b5b32cd40095681c40
- SHA1
  
  14a7a60b9dc574b066ea39f59d72711dab9639c0
- SHA256
  
  ea8636131cfb69ab935f05201fe8c285b53ccd379928825386b015ae7bb43809
- SHA512
  
  3452c2dfa51691cc5da766542630a87c6e68cf93e5094981ab8905f7696e0c3c45acbf8f4a09b4410a3d5848d29d00b431b4b904472d7dbd1ed63478404172a2
- SSDEEP
  
  768:pCpjO4tnumCBsT15CBHCrUCoTtBDtCYPB0t0/qigiltBN:OvnmCxXiltv
Score

10^/10

formbook btrd persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookbtrdpersistenceratspywarestealertrojan

behavioral2