formbook | 9cd09b682e79cb8b0c9f1ca85d75353d16ce58c530cac02cfbceb7116ce9b68c | Triage

Sharing

General

Target

9cd09b682e79cb8b0c9f1ca85d75353d16ce58c530cac02cfbceb7116ce9b68c.exe
Size

21KB
Sample

241122-j1rfxssrgj
MD5

5a63e2158e840e70b0a1a5d8cbc049df
SHA1

71b3309f0f98671ee5db9eb2e9d05812a8540aae
SHA256

9cd09b682e79cb8b0c9f1ca85d75353d16ce58c530cac02cfbceb7116ce9b68c
SHA512

97e0d9cd057844f0c41a52f02c6553ebffa77056c1c992a6841602206d960b2bf11f63ca5cc074eb9a7112f905308a16add23233c5df90d3a8568094746dd91d
SSDEEP

384:cs+2GqOOyQuluvnDS3d2dD03jVsV8ftnokwRwAoDNwAUPNtdI6+eQAozrBtHzkL5:cs+2G8ZQ+SXjWooPjBBAtHzae6eXw

Score

10^/10

formbook o62s discovery persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

o62s

Decoy

lectrobay.shop

enisehirarnavutkoy.xyz

itoolz.net

otorcycle-loans-40378.bond

opjobsinusa.today

uara228j.shop

ukulbagus10.click

enhealth07.shop

cpoker.pro

ome-remodeling-16949.bond

andu.shop

hubbychicocharmqs.shop

onghi292.top

ussines-web-creators.net

alenspencer.online

ryptogigt.top

epiyiisigorta.online

ental-implants-77717.bond

juta.click

enisehirevleriarnavutkoy.xyz

Targets

- Target
  
  9cd09b682e79cb8b0c9f1ca85d75353d16ce58c530cac02cfbceb7116ce9b68c.exe
- Size
  
  21KB
- MD5
  
  5a63e2158e840e70b0a1a5d8cbc049df
- SHA1
  
  71b3309f0f98671ee5db9eb2e9d05812a8540aae
- SHA256
  
  9cd09b682e79cb8b0c9f1ca85d75353d16ce58c530cac02cfbceb7116ce9b68c
- SHA512
  
  97e0d9cd057844f0c41a52f02c6553ebffa77056c1c992a6841602206d960b2bf11f63ca5cc074eb9a7112f905308a16add23233c5df90d3a8568094746dd91d
- SSDEEP
  
  384:cs+2GqOOyQuluvnDS3d2dD03jVsV8ftnokwRwAoDNwAUPNtdI6+eQAozrBtHzkL5:cs+2G8ZQ+SXjWooPjBBAtHzae6eXw
Score

10^/10

formbook o62s discovery persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooko62sdiscoverypersistenceratspywarestealertrojan

behavioral2

formbooko62sdiscoverypersistenceratspywarestealertrojan