formbook | e008b0307e7470de4160b1d1294e9f80e705b6f60b6f52c1cb5f4e9870750de3 | Triage

Sharing

General

Target

e008b0307e7470de4160b1d1294e9f80e705b6f60b6f52c1cb5f4e9870750de3.exe
Size

26KB
Sample

241016-gdjrfszckl
MD5

66ddac982a848a23964f67c681f398d2
SHA1

0e45e7ad765db4a8adca06d55717c6d0086e07ff
SHA256

e008b0307e7470de4160b1d1294e9f80e705b6f60b6f52c1cb5f4e9870750de3
SHA512

d0e469d0e40cabbac2fbab2011ac80640feefddda72f5d4aaefd0e8a1771f0d41f8a13c0e8dfa7f21fb9de8f27192f4a39413b7255ab03843c4c828cb722df3f
SSDEEP

768:JaVwrXpaWFEFVm3j+oYsqsztHogOeYyGaL0wz:MWEsztIgKy1L0u

Score

10^/10

formbook bopi discovery persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bopi

Decoy

zq4.top

relationship-coach-88497.bond

destekbirimi.xyz

tgh-reg.xyz

pepcapital.net

edunote.media

loans-credits-63765.bond

zhxgtlw.top

rajalele.xyz

ug-tower.asia

agrajter.com

investment-services-44387.bond

yaoxiaocang.fun

23win6.top

used-cars-84168.bond

primesourceglobal.net

indiapostsk.vip

qe2i7cghzpebk.buzz

furniture-27975.bond

fy489tysiot4twoinsr3295y78h.xyz

Targets

- Target
  
  e008b0307e7470de4160b1d1294e9f80e705b6f60b6f52c1cb5f4e9870750de3.exe
- Size
  
  26KB
- MD5
  
  66ddac982a848a23964f67c681f398d2
- SHA1
  
  0e45e7ad765db4a8adca06d55717c6d0086e07ff
- SHA256
  
  e008b0307e7470de4160b1d1294e9f80e705b6f60b6f52c1cb5f4e9870750de3
- SHA512
  
  d0e469d0e40cabbac2fbab2011ac80640feefddda72f5d4aaefd0e8a1771f0d41f8a13c0e8dfa7f21fb9de8f27192f4a39413b7255ab03843c4c828cb722df3f
- SSDEEP
  
  768:JaVwrXpaWFEFVm3j+oYsqsztHogOeYyGaL0wz:MWEsztIgKy1L0u
Score

10^/10

formbook bopi discovery persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookbopidiscoverypersistenceratspywarestealertrojan

behavioral2

formbookbopidiscoverypersistenceratspywarestealertrojan