formbook | 68c3605100b20d0e04a069565f5ce7f6f55b7546f52dcf22328e3a321637e361 | Triage

Sharing

General

Target

New PO 796512.exe
Size

21KB
Sample

241121-sy8rvssfnf
MD5

223b42adc2e6eeb342664ffa633c3a6a
SHA1

00612d9ce02cde93cd73eebcbee0deece4da3f8f
SHA256

68c3605100b20d0e04a069565f5ce7f6f55b7546f52dcf22328e3a321637e361
SHA512

8c2e1ca20137aa4871509dbf17d27eeed4ae13433f95b63eda48570b2158317d3d72edda78f7b6c43bbc4f39c5bf84d83988c6afd6a5e6f1bdcda331f82c6847
SSDEEP

384:cs+2GqOOyQuluvnDS3d2dD03jVsV8ftnokwRwAoDNwAUPNtdI6+eQAozrBtHzkL:cs+2G8ZQ+SXjWooPjBBAtHzae6eX

Score

10^/10

formbook o62s discovery persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

o62s

Decoy

lectrobay.shop

enisehirarnavutkoy.xyz

itoolz.net

otorcycle-loans-40378.bond

opjobsinusa.today

uara228j.shop

ukulbagus10.click

enhealth07.shop

cpoker.pro

ome-remodeling-16949.bond

andu.shop

hubbychicocharmqs.shop

onghi292.top

ussines-web-creators.net

alenspencer.online

ryptogigt.top

epiyiisigorta.online

ental-implants-77717.bond

juta.click

enisehirevleriarnavutkoy.xyz

Targets

- Target
  
  New PO 796512.exe
- Size
  
  21KB
- MD5
  
  223b42adc2e6eeb342664ffa633c3a6a
- SHA1
  
  00612d9ce02cde93cd73eebcbee0deece4da3f8f
- SHA256
  
  68c3605100b20d0e04a069565f5ce7f6f55b7546f52dcf22328e3a321637e361
- SHA512
  
  8c2e1ca20137aa4871509dbf17d27eeed4ae13433f95b63eda48570b2158317d3d72edda78f7b6c43bbc4f39c5bf84d83988c6afd6a5e6f1bdcda331f82c6847
- SSDEEP
  
  384:cs+2GqOOyQuluvnDS3d2dD03jVsV8ftnokwRwAoDNwAUPNtdI6+eQAozrBtHzkL:cs+2G8ZQ+SXjWooPjBBAtHzae6eX
Score

10^/10

formbook o62s discovery persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooko62sdiscoverypersistenceratspywarestealertrojan

behavioral2

formbooko62sdiscoverypersistenceratspywarestealertrojan