formbook | 9572bb0d1762099aebf68dda5750923bb31e8477f20bd132bbf8a7952ac0d2f0 | Triage

Sharing

General

Target

9572bb0d1762099aebf68dda5750923bb31e8477f20bd132bbf8a7952ac0d2f0.img
Size

1.1MB
Sample

240925-cmjetssajh
MD5

09fff573a506d1af8f42ada0bd5f08a4
SHA1

6cf743da2cdd35668d0a2de4691b0a0e4d299491
SHA256

9572bb0d1762099aebf68dda5750923bb31e8477f20bd132bbf8a7952ac0d2f0
SHA512

b709ba78dc4f1223e48394cb562bb545f9aaf7f2cbaa4b76f9419ba92eedc715724afeba57d4ad01910562a2d211365700c2eab1385f33c0148b7804686f7005
SSDEEP

24576:pexvf1XsiJ6Y1GxCNEaDfTeLfbCFUGDBOkv95m27R7w:Yvf18K1ZDbefCuGDBOoXR7

Score

10^/10

formbook e62s discovery persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

e62s

Decoy

ellinksa.shop

uckyspinph.xyz

owdark.net

arriage-therapy-72241.bond

w7ijko4rv4p97b.top

heirbuzzwords.buzz

aspart.shop

ctivemail5-kagoya-com.info

shacertification9.shop

zitcd65k3.buzz

llkosoi.info

ru8.info

rhgtrdjdjykyetrdjftd.buzz

yschoollist.kiwi

oftfolio.online

rograma-de-almacen-2.online

oudoarms.top

mwquas.xyz

orjagaucha.website

nlinechat-mh.online

Targets

- Target
  
  www.exe
- Size
  
  1.0MB
- MD5
  
  b6fded66a1bf362c4ef98883f04b53ac
- SHA1
  
  aaa5e105742754c5b250276e916e13ea34613560
- SHA256
  
  3218d9e3413de3fc262447ccddd5f9f458c82abdb96943e830dfc3ebeb1a1de5
- SHA512
  
  17ce4adce92925b137cf4e3cfdf8b43c705cdf949a139ad2de77fe2579debcf72c0b2d3ab43e58593d66e0167e3e02d9164953c51041006df9a2560b6e297108
- SSDEEP
  
  24576:lexvf1XsiJ6Y1GxCNEaDfTeLfbCFUGDBOkv95m27R7w:svf18K1ZDbefCuGDBOoXR7
Score

10^/10

discovery persistence formbook e62s rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Formbook payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

formbooke62sdiscoverypersistenceratspywarestealertrojan