formbook | fd828c534b0e6ce946192311dd9fadad98e82fcc91fe1f3bdbdc652ccc3fc3d0 | Triage

Sharing

General

Target

fd828c534b0e6ce946192311dd9fadad98e82fcc91fe1f3bdbdc652ccc3fc3d0.exe
Size

1.6MB
Sample

241010-c3kylavgmh
MD5

f6e047942236cefdcd6559bca66a7b3e
SHA1

28aac545fcd0c9b11d2546110966b812d1c6d920
SHA256

fd828c534b0e6ce946192311dd9fadad98e82fcc91fe1f3bdbdc652ccc3fc3d0
SHA512

5cb5d39d739e1698772e59b3f50da44cb7279a3f7df1ac5319dedc823f62ecf14f5b0ff68c4e67fe8e1595235242f83d17c86b50e82c16b8c8e6cc40d7525eeb
SSDEEP

49152:WAodtaG9kS2U84B+FLan9k5TRM9zlCVjkvr:K/B1Jz

Score

10^/10

formbook md02 discovery persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

md02

Decoy

onsen1508.com

partymaxclubmen36.click

texasshelvingwarehouse.com

tiantiying.com

taxcredits-pr.com

33mgbet.com

equipoleiremnacional.com

andrewghita.com

zbbnp.xyz

englandbreaking.com

a1b5v.xyz

vizamag.com

h0lg3.rest

ux-design-courses-17184.bond

of84.top

qqkartel88v1.com

avalynkate.com

cpuk-finance.com

yeslabs.xyz

webuyandsellpa.com

Targets

- Target
  
  fd828c534b0e6ce946192311dd9fadad98e82fcc91fe1f3bdbdc652ccc3fc3d0.exe
- Size
  
  1.6MB
- MD5
  
  f6e047942236cefdcd6559bca66a7b3e
- SHA1
  
  28aac545fcd0c9b11d2546110966b812d1c6d920
- SHA256
  
  fd828c534b0e6ce946192311dd9fadad98e82fcc91fe1f3bdbdc652ccc3fc3d0
- SHA512
  
  5cb5d39d739e1698772e59b3f50da44cb7279a3f7df1ac5319dedc823f62ecf14f5b0ff68c4e67fe8e1595235242f83d17c86b50e82c16b8c8e6cc40d7525eeb
- SSDEEP
  
  49152:WAodtaG9kS2U84B+FLan9k5TRM9zlCVjkvr:K/B1Jz
Score

10^/10

formbook md02 discovery persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Adds policy Run key to start application
  persistence
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookmd02discoverypersistenceratspywarestealertrojan

behavioral2

formbookmd02discoveryratspywarestealertrojan