formbook | 7301ca8dd0b96977793aaf6228e191ed8a0698c849688c71dedf9f9e66900f5b | Triage

Sharing

General

Target

7301ca8dd0b96977793aaf6228e191ed8a0698c849688c71dedf9f9e66900f5b.rar
Size

1010KB
Sample

240925-cdkljayajr
MD5

bff83a19b32bedf068722348cbd7610f
SHA1

9ca2720e8e0f02432de1ea89d97231a6037580ea
SHA256

7301ca8dd0b96977793aaf6228e191ed8a0698c849688c71dedf9f9e66900f5b
SHA512

31cae44c085a2f203f8a0f0968786a94985416d8990211aefe27bffdaaad7af591cc21542405a759a1104d2a06ac672cafbcaa65f3d678a107564fb6dae42a8d
SSDEEP

24576:DhHJYMuQ6RMKe0tGgRYl6jgxRQNsyj15l7yihqrR4yp2v1jY:VH4Q6A0tDilogrQNsKS01yAvtY

Score

10^/10

formbook e62s discovery persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

e62s

Decoy

ellinksa.shop

uckyspinph.xyz

owdark.net

arriage-therapy-72241.bond

w7ijko4rv4p97b.top

heirbuzzwords.buzz

aspart.shop

ctivemail5-kagoya-com.info

shacertification9.shop

zitcd65k3.buzz

llkosoi.info

ru8.info

rhgtrdjdjykyetrdjftd.buzz

yschoollist.kiwi

oftfolio.online

rograma-de-almacen-2.online

oudoarms.top

mwquas.xyz

orjagaucha.website

nlinechat-mh.online

Targets

- Target
  
  www.exe
- Size
  
  1.0MB
- MD5
  
  b6fded66a1bf362c4ef98883f04b53ac
- SHA1
  
  aaa5e105742754c5b250276e916e13ea34613560
- SHA256
  
  3218d9e3413de3fc262447ccddd5f9f458c82abdb96943e830dfc3ebeb1a1de5
- SHA512
  
  17ce4adce92925b137cf4e3cfdf8b43c705cdf949a139ad2de77fe2579debcf72c0b2d3ab43e58593d66e0167e3e02d9164953c51041006df9a2560b6e297108
- SSDEEP
  
  24576:lexvf1XsiJ6Y1GxCNEaDfTeLfbCFUGDBOkv95m27R7w:svf18K1ZDbefCuGDBOoXR7
Score

10^/10

discovery persistence formbook e62s rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Formbook payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

formbooke62sdiscoverypersistenceratspywarestealertrojan