formbook | 1968771402227e2db604f63085104459de416107146f4d21a50c6e6e866f4324 | Triage

Sharing

General

Target

808bc55dfd04bde28b5a81eeffa1be00N.exe
Size

1.7MB
Sample

240813-kaqx5staqf
MD5

808bc55dfd04bde28b5a81eeffa1be00
SHA1

1ac47e1d51466f5031b1096d40816abb90d36668
SHA256

1968771402227e2db604f63085104459de416107146f4d21a50c6e6e866f4324
SHA512

e8b2d3e05adcb2da69780f1a4cea88c7f830d9d9d3a41abacc2cdf22b06ed5992a77a61e142c2622e210bd981fa20f710183aa2efa164b60d3c6aaed4f227c59
SSDEEP

24576:0G/gSI7uzvdh53ATay0Lu9fE124K2Gzo/Xyhp4HtNLpTGLRvO4x:dgruLMayJWao/XC6B

Score

10^/10

formbook dcn0 credential_access discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

dcn0

Decoy

ZVx68vDtAMBCwg==

oBMBvsNORkM/O/ox

Ff9pISWkm6eG4lByIspp

c2T42c6CIIF6B8xTxm9XzpVw

bvjhxRbnAC183w==

0lTttSNG4HUDNflyIspp

hPXFlstqiHA/O/ox

WLR+MeerxZ0cNn1ja+IQAYo=

IHRn4xXOVKi477zarG+ObSy7YJA=

Xhf3e+tdAC183w==

Xk0ZAezv2rWH

kngo+vBeSRN7AszNwam3Osmguuqc0MoC

a2Qp7a+E8fSw7LDjpnqEKjsRZA==

3zjy4E7+QM48wg==

YcCmqT3OUNAigVott2pBKiy7YJA=

4+SMeX1juat/5cZ1AZihcyy7YJA=

/+m7sro0OBTl3TMpCw==

i2ctEfe4//a64yklMsgS2J90

+loZ2QKGX0UWgpvErMs=

b9BNCnJWQJS8IfsR0uR3bCy7YJA=

Targets

- Target
  
  808bc55dfd04bde28b5a81eeffa1be00N.exe
- Size
  
  1.7MB
- MD5
  
  808bc55dfd04bde28b5a81eeffa1be00
- SHA1
  
  1ac47e1d51466f5031b1096d40816abb90d36668
- SHA256
  
  1968771402227e2db604f63085104459de416107146f4d21a50c6e6e866f4324
- SHA512
  
  e8b2d3e05adcb2da69780f1a4cea88c7f830d9d9d3a41abacc2cdf22b06ed5992a77a61e142c2622e210bd981fa20f710183aa2efa164b60d3c6aaed4f227c59
- SSDEEP
  
  24576:0G/gSI7uzvdh53ATay0Lu9fE124K2Gzo/Xyhp4HtNLpTGLRvO4x:dgruLMayJWao/XC6B
Score

10^/10

formbook dcn0 discovery rat spyware stealer trojan credential_access
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookdcn0discoveryratspywarestealertrojan

behavioral2

formbookdcn0credential_accessdiscoveryratspywarestealertrojan