formbook | 6a5cd5f639330e5962291a987d2e438471250ad1a88be2f93c972ecb7ddb6cc5 | Triage

Sharing

General

Target

3.7z
Size

4KB
Sample

241114-schnjs1cqq
MD5

a52cf4cbfc418353ad1c4545d65d42fa
SHA1

f4753a571701624e2970d6a2165b9109fab3e8c9
SHA256

6a5cd5f639330e5962291a987d2e438471250ad1a88be2f93c972ecb7ddb6cc5
SHA512

4986fea99e75f94d4c4307993aba33066dfd79dae05d41d702cdd78d66edb81d7d355f104e952a2b450800717da8a4cc6027a7e8f8a168663cd5849b1f2afaca
SSDEEP

96:KYVtA5ADjo2TUfSbZoeca+ioTbN8aCKXLRKFzkfIpb6EuAqh:KYVtA5AA6JbKyMqKXLRsQxh

Score

10^/10

formbook bopi discovery persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bopi

Decoy

zq4.top

relationship-coach-88497.bond

destekbirimi.xyz

tgh-reg.xyz

pepcapital.net

edunote.media

loans-credits-63765.bond

zhxgtlw.top

rajalele.xyz

ug-tower.asia

agrajter.com

investment-services-44387.bond

yaoxiaocang.fun

23win6.top

used-cars-84168.bond

primesourceglobal.net

indiapostsk.vip

qe2i7cghzpebk.buzz

furniture-27975.bond

fy489tysiot4twoinsr3295y78h.xyz

Targets

- Target
  
  Referencia del proyecto 141224.exe
- Size
  
  15KB
- MD5
  
  413998ae07309b1c72841fc7a912100f
- SHA1
  
  f4dbbc45cdd84f26f9c4c1dc1a411785d91767ab
- SHA256
  
  c2439c996b7035e886d641c504dbce53fd63795aae0dbfba70bb09be97216ab1
- SHA512
  
  f1be1486f46f8ece461e2da082d9c34b8db392c7dccdefdb09b7c05f25f693e2406c029338f5053febd8e67a3db2a6a97a99f2ec4356aa0229d08528917cbc0a
- SSDEEP
  
  192:ESEDsBvTvEigeKfbnL4UE9gA5Em6R52T5Gr:xvhubnLxEq0Mr
Score

10^/10

discovery formbook bopi persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

formbookbopidiscoverypersistenceratspywarestealertrojan