formbook | f14f6502ca843e1a27c65b798bbcdc512f7db306d626b7dc99d93b01d1641691 | Triage

Sharing

General

Target

f14f6502ca843e1a27c65b798bbcdc512f7db306d626b7dc99d93b01d1641691
Size

1.0MB
Sample

240912-lvzlfs1enb
MD5

88a1a15369443c2cc3682f265450d716
SHA1

7d64c49043c07bc0377f0bd72d823581c2dd8383
SHA256

f14f6502ca843e1a27c65b798bbcdc512f7db306d626b7dc99d93b01d1641691
SHA512

bcbc94ca1bb5e4c99a07deb94cf205e49657a27886c45ebca7068ae3638d2f66dc6b0a1d530dc716208d55121c553786471421a84511077ed59ef57df4dd6f30
SSDEEP

24576:ugwRCfZhhzI0EMQLeem8N5dGwC/jyaY4Y7frrr6Ge20qMszeEklH5fc:GWZvImyLGjlY97fJeTq1aH5fc

Score

10^/10

formbook md02 credential_access discovery persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

md02

Decoy

onsen1508.com

partymaxclubmen36.click

texasshelvingwarehouse.com

tiantiying.com

taxcredits-pr.com

33mgbet.com

equipoleiremnacional.com

andrewghita.com

zbbnp.xyz

englandbreaking.com

a1b5v.xyz

vizamag.com

h0lg3.rest

ux-design-courses-17184.bond

of84.top

qqkartel88v1.com

avalynkate.com

cpuk-finance.com

yeslabs.xyz

webuyandsellpa.com

Targets

- Target
  
  Понуда за куповину 09.12.2024.exe
- Size
  
  2.0MB
- MD5
  
  6802db590901ec5215747a51dd9ca615
- SHA1
  
  d5fd1f6e872e175af8076000418ef22668af6855
- SHA256
  
  d8cb59b0305f96808257383de7b5a279454bffdae82f9b44dceb49a8acf53bec
- SHA512
  
  eebce4e7408f8130c99ee4f156c311032615566cf8a10542a12b96d4485af5b2bbe6ff4b7b627f8116455b8683b84fc0f52cbffc5964875240b9efc08781b7e5
- SSDEEP
  
  49152:GfDe+fmH7RRZ1UW84VCyH+4FAGqnx+lg3jszB8u12pSCge:GfDQQsQ3z
Score

10^/10

formbook md02 credential_access discovery persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Formbook payload
  rat
- Adds policy Run key to start application
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookmd02credential_accessdiscoverypersistenceratspywarestealertrojan

behavioral2

formbookmd02credential_accessdiscoverypersistenceratspywarestealertrojan