formbook | 32a211990a974cc2acdd1b3814a2f0ace854025a41f56c6fae00c75d334fbec9 | Triage

Sharing

General

Target

32a211990a974cc2acdd1b3814a2f0ace854025a41f56c6fae00c75d334fbec9.exe
Size

1.6MB
Sample

241009-md8y8sygpn
MD5

64696d5e44479a7d22f5d5177d26d71a
SHA1

3a892d28eda05fac4ae708e1413510c6425d1eba
SHA256

32a211990a974cc2acdd1b3814a2f0ace854025a41f56c6fae00c75d334fbec9
SHA512

55fdfd209c7028a942f73fc4d5df587d69c124752274b7e9ac6452b1d28e31c040401d43e19bddf5f2b608897a33f8744c42875551e469aa6382a94644b7c970
SSDEEP

49152:qAodtaG9kS2U84B+FLan9k5TRM9zleVjrJV:e/B1s

Score

10^/10

formbook md02 discovery persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

md02

Decoy

onsen1508.com

partymaxclubmen36.click

texasshelvingwarehouse.com

tiantiying.com

taxcredits-pr.com

33mgbet.com

equipoleiremnacional.com

andrewghita.com

zbbnp.xyz

englandbreaking.com

a1b5v.xyz

vizamag.com

h0lg3.rest

ux-design-courses-17184.bond

of84.top

qqkartel88v1.com

avalynkate.com

cpuk-finance.com

yeslabs.xyz

webuyandsellpa.com

Targets

- Target
  
  32a211990a974cc2acdd1b3814a2f0ace854025a41f56c6fae00c75d334fbec9.exe
- Size
  
  1.6MB
- MD5
  
  64696d5e44479a7d22f5d5177d26d71a
- SHA1
  
  3a892d28eda05fac4ae708e1413510c6425d1eba
- SHA256
  
  32a211990a974cc2acdd1b3814a2f0ace854025a41f56c6fae00c75d334fbec9
- SHA512
  
  55fdfd209c7028a942f73fc4d5df587d69c124752274b7e9ac6452b1d28e31c040401d43e19bddf5f2b608897a33f8744c42875551e469aa6382a94644b7c970
- SSDEEP
  
  49152:qAodtaG9kS2U84B+FLan9k5TRM9zleVjrJV:e/B1s
Score

10^/10

formbook md02 discovery persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Adds policy Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookmd02discoverypersistenceratspywarestealertrojan

behavioral2

formbookmd02discoveryratspywarestealertrojan