formbook | 659b0101cf2a80010a2254f632a3964ca0917c65694e6cdcdb258f2ea36c30b4 | Triage

Sharing

General

Target

cbd7b03a1410f9d9c404a33020c2c49f_JaffaCakes118
Size

484KB
Sample

240830-25f5vssbrk
MD5

cbd7b03a1410f9d9c404a33020c2c49f
SHA1

46873e92417016950176968517a80cd4f83f2927
SHA256

659b0101cf2a80010a2254f632a3964ca0917c65694e6cdcdb258f2ea36c30b4
SHA512

8b4163b6d94a3fdc71331461626bf9b6a4af1687e9f155a55122d6152ed12e1d2880c4dd01b6b3ee7f953fed247e35b09d6b28a78c115b4dae8488e451767c2c
SSDEEP

12288:uE4cI068+xWfFSAUadblygLj69i4r8dO2C7qM:uEB6kNBlygy9brsO2C7qM

Score

10^/10

formbook ai discovery persistence privilege_escalation rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

ai

Decoy

theapschool.com

riseupfloridakeys.com

xn--mgbb2awa9dm20i.com

apnee-coach.com

christianmarketinggifts.com

eurothereum.biz

solutionfull.com

equifaxqsecurity2017.com

roboeye-tech.com

living-isar.immo

cable-online-zone.sale

parfumirza.com

civilizationsprice.com

zealasia.com

billet-bateau-tanger.com

andrewkurtsummers.net

darylandkaitlyn.com

ddaak.com

seattlepetadventures.com

iopuern.online

Targets

- Target
  
  cbd7b03a1410f9d9c404a33020c2c49f_JaffaCakes118
- Size
  
  484KB
- MD5
  
  cbd7b03a1410f9d9c404a33020c2c49f
- SHA1
  
  46873e92417016950176968517a80cd4f83f2927
- SHA256
  
  659b0101cf2a80010a2254f632a3964ca0917c65694e6cdcdb258f2ea36c30b4
- SHA512
  
  8b4163b6d94a3fdc71331461626bf9b6a4af1687e9f155a55122d6152ed12e1d2880c4dd01b6b3ee7f953fed247e35b09d6b28a78c115b4dae8488e451767c2c
- SSDEEP
  
  12288:uE4cI068+xWfFSAUadblygLj69i4r8dO2C7qM:uEB6kNBlygy9brsO2C7qM
Score

10^/10

formbook ai discovery persistence privilege_escalation rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookaidiscoverypersistenceprivilege_escalationratspywarestealertrojan

behavioral2

formbookaidiscoverypersistenceprivilege_escalationratspywarestealertrojan