formbook | e182a3a8f40704596c5f0516437380f35b395406c5b7fb29ef6b148f5274d5fd | Triage

Sharing

General

Target

INQUIRY 2024-SP0006-B(01).rar
Size

966KB
Sample

240925-mwn2savarh
MD5

61e3d1ef92c2702a0a7bbac85b8e7772
SHA1

0e868afbce96f859f9043300084f4e9e1d86e4ed
SHA256

e182a3a8f40704596c5f0516437380f35b395406c5b7fb29ef6b148f5274d5fd
SHA512

8d010aa2310d3279c0be76e003f1e2edea1984a9181c3fd555c9c86ed7adb3b971efb5d2d14a280b8a5df19816da195240f4b7bed244356b9a7dfdfb46af8b53
SSDEEP

24576:7x8BD9HgtHPDax87SzFZJhhRmolqGx6lWOx7hwwM/jJmU:7x84D7SZxrmZGxjOohIU

Score

10^/10

formbook e62s discovery persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

e62s

Decoy

ellinksa.shop

uckyspinph.xyz

owdark.net

arriage-therapy-72241.bond

w7ijko4rv4p97b.top

heirbuzzwords.buzz

aspart.shop

ctivemail5-kagoya-com.info

shacertification9.shop

zitcd65k3.buzz

llkosoi.info

ru8.info

rhgtrdjdjykyetrdjftd.buzz

yschoollist.kiwi

oftfolio.online

rograma-de-almacen-2.online

oudoarms.top

mwquas.xyz

orjagaucha.website

nlinechat-mh.online

Targets

- Target
  
  Gimegq.exe
- Size
  
  2.0MB
- MD5
  
  42a6e331406ad55f27ad1e3ad7ba13e6
- SHA1
  
  75b2c9970e0a356af251dad5f4e64c538bbb0ce3
- SHA256
  
  845cadd4d3a49f38dbd20a685cbd8c0405ca1af4e69aa252082df841a10d16ab
- SHA512
  
  2cbbcdbeb156ccfd4b1edabbdf74286418e80bd683b2c002bb8adf7ec02eca78b0da437c413950dd4bda906e4418e310d03db1c2bc74e639702c65b6798ed308
- SSDEEP
  
  24576:AJPXX+a20rK/dxUpe8PQBANjA3vDxLM50BgKqd7hpnM:
Score

10^/10

discovery persistence formbook e62s rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Formbook payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

formbooke62sdiscoverypersistenceratspywarestealertrojan