formbook | d21e26aa5cfaeae40be681b6ef282698d6e3b76dea7f6f1c54233870aca8ac8c | Triage

Sharing

General

Target

c49b28723e072ebf59a5917c1390e502_JaffaCakes118
Size

325KB
Sample

240827-jv45tsscnj
MD5

c49b28723e072ebf59a5917c1390e502
SHA1

fc5c7975c2ae71ce95d2e2ad132539cc5a67353f
SHA256

d21e26aa5cfaeae40be681b6ef282698d6e3b76dea7f6f1c54233870aca8ac8c
SHA512

405c55f8ad898a612372634d9ec1c0ee08cd505f4eb3724894f4b9cb0a9459dfc77937b82cabad072ce019d66f11b59e6f90ab19ff4749306e16834ce2f1b930
SSDEEP

6144:3IDk2llfQ8FZK7jfp6E8Ty3YUEXznI6mh9X8EL3HR8yptp7Nu+:3IDk2Xf0fpnHYhy3XFHR8Ap7Nu

Score

10^/10

formbook hx63 discovery persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

2.9

Campaign

hx63

Decoy

click-click.site

Targets

- Target
  
  c49b28723e072ebf59a5917c1390e502_JaffaCakes118
- Size
  
  325KB
- MD5
  
  c49b28723e072ebf59a5917c1390e502
- SHA1
  
  fc5c7975c2ae71ce95d2e2ad132539cc5a67353f
- SHA256
  
  d21e26aa5cfaeae40be681b6ef282698d6e3b76dea7f6f1c54233870aca8ac8c
- SHA512
  
  405c55f8ad898a612372634d9ec1c0ee08cd505f4eb3724894f4b9cb0a9459dfc77937b82cabad072ce019d66f11b59e6f90ab19ff4749306e16834ce2f1b930
- SSDEEP
  
  6144:3IDk2llfQ8FZK7jfp6E8Ty3YUEXznI6mh9X8EL3HR8yptp7Nu+:3IDk2Xf0fpnHYhy3XFHR8Ap7Nu
Score

10^/10

discovery formbook hx63 persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

formbookhx63discoverypersistenceratspywarestealertrojan