formbook | 9bbfeec581efea4224c9b936410dda83bcc3fb10e2064d1719a69311b7ca8800 | Triage

Sharing

General

Target

26092024_0346_25092024_NEW PROJECT OFFER - 216.zip
Size

829KB
Sample

240926-ebryyayfjg
MD5

874d7f35c178f74c6dadca1901661b8c
SHA1

33bed88e8ff5638c94eee5aabba84d197455a394
SHA256

9bbfeec581efea4224c9b936410dda83bcc3fb10e2064d1719a69311b7ca8800
SHA512

183ca58a09d46b84111794ea4425e71c3173c8401446ed05485fabe79915f81b53704878f964c35ff6369b0a9085ee6a0283df14ad56ecd43706e7867d88aad5
SSDEEP

24576:7+GzX4otkNEdGiNz1VMVW9+KFtfBoutCwOzHlkrYs:7+GD4IddXMVa+KFtaSCw++Ms

Score

10^/10

formbook md02 discovery persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

md02

Decoy

onsen1508.com

partymaxclubmen36.click

texasshelvingwarehouse.com

tiantiying.com

taxcredits-pr.com

33mgbet.com

equipoleiremnacional.com

andrewghita.com

zbbnp.xyz

englandbreaking.com

a1b5v.xyz

vizamag.com

h0lg3.rest

ux-design-courses-17184.bond

of84.top

qqkartel88v1.com

avalynkate.com

cpuk-finance.com

yeslabs.xyz

webuyandsellpa.com

Targets

- Target
  
  NEW PROJECT OFFER - 216.exe
- Size
  
  1.6MB
- MD5
  
  360d18d8a47c264c2e03cc8e06bbab7a
- SHA1
  
  59183b9e4b41c8f90ce2f0dee4ee3e6e4e1bc2fe
- SHA256
  
  94610e74b5926d5c7b4429915a41cef2434b364be578958b8a597a74dd5c7d7d
- SHA512
  
  ae20f9bc3b19a88fd960a44151ead5a1f7e7eb3b6d1ae8382aa9eed584a6f090295fec7a75c4a76d4b4ad072e47b223acc036bdce249a4c75e9af2d734d4e8ec
- SSDEEP
  
  49152:4AodtaG9kS2U84B+FLan9k5TRM9zloVjJOk6m:o/B1Ud
Score

10^/10

formbook md02 discovery persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Adds policy Run key to start application
  persistence
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookmd02discoverypersistenceratspywarestealertrojan

behavioral2

formbookmd02ratspywarestealertrojan