formbook | fcf632af143e88dfba5e9256d0fb238eb314b0d20e63141cb659ed7ad001cbb4 | Triage

Sharing

General

Target

fcf632af143e88dfba5e9256d0fb238eb314b0d20e63141cb659ed7ad001cbb4.exe
Size

1.6MB
Sample

241008-qvn7yazbjq
MD5

3364dc2488f8444000a9da4c6d999fc4
SHA1

19cf9bd0f6976d75f7738ec74d2b326edee5bdde
SHA256

fcf632af143e88dfba5e9256d0fb238eb314b0d20e63141cb659ed7ad001cbb4
SHA512

24778076f2e3fbd0ab39675bab98bd7da9feaa08e276d720da2fca252377ceb2c7b1da1b9c3b862e2acbea9b6e0c29e77e093c9cff366055d894a969545ea921
SSDEEP

49152:AAodtaG9kS2U84B+FLan9k5TRM9zlcVj7vdLJ7t:A/B18P7t

Score

10^/10

formbook md02 discovery persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

md02

Decoy

onsen1508.com

partymaxclubmen36.click

texasshelvingwarehouse.com

tiantiying.com

taxcredits-pr.com

33mgbet.com

equipoleiremnacional.com

andrewghita.com

zbbnp.xyz

englandbreaking.com

a1b5v.xyz

vizamag.com

h0lg3.rest

ux-design-courses-17184.bond

of84.top

qqkartel88v1.com

avalynkate.com

cpuk-finance.com

yeslabs.xyz

webuyandsellpa.com

Targets

- Target
  
  fcf632af143e88dfba5e9256d0fb238eb314b0d20e63141cb659ed7ad001cbb4.exe
- Size
  
  1.6MB
- MD5
  
  3364dc2488f8444000a9da4c6d999fc4
- SHA1
  
  19cf9bd0f6976d75f7738ec74d2b326edee5bdde
- SHA256
  
  fcf632af143e88dfba5e9256d0fb238eb314b0d20e63141cb659ed7ad001cbb4
- SHA512
  
  24778076f2e3fbd0ab39675bab98bd7da9feaa08e276d720da2fca252377ceb2c7b1da1b9c3b862e2acbea9b6e0c29e77e093c9cff366055d894a969545ea921
- SSDEEP
  
  49152:AAodtaG9kS2U84B+FLan9k5TRM9zlcVj7vdLJ7t:A/B18P7t
Score

10^/10

formbook md02 discovery persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Adds policy Run key to start application
  persistence
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookmd02discoverypersistenceratspywarestealertrojan

behavioral2

formbookmd02ratspywarestealertrojan