formbook | 455211c4e2e4a2cc787bb794618d8f7ced8e869e2f742233e17a253e3fc8c595 | Triage

Resubmissions

23-11-2024 01:02

241123-bd3axazlfr 10

Sharing

General

Target

223b42adc2e6eeb342664ffa633c3a6a.bin
Size

14KB
Sample

241123-bd3axazlfr
MD5

b8c9a4179e3c0fcc1c0c6424c3637756
SHA1

7b2ac724e8a9c18c656dd7bf5b8bb62aa8e8d6be
SHA256

455211c4e2e4a2cc787bb794618d8f7ced8e869e2f742233e17a253e3fc8c595
SHA512

fbaeece8dd366dbc531579c68f4b18fd37b1a6f175a51f942a049e17e40a15cb54579cd76b76f013d3004b0e551f1f60293e5b663f0fbc7fc07eb6cdce3c5bb6
SSDEEP

384:URifzpUGXzbydupwVae4FRaqQtxFDEIHxPHxhjG:URi9UGXzbyAmaRQj+IHxPHbjG

Score

10^/10

formbook o62s discovery persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

o62s

Decoy

lectrobay.shop

enisehirarnavutkoy.xyz

itoolz.net

otorcycle-loans-40378.bond

opjobsinusa.today

uara228j.shop

ukulbagus10.click

enhealth07.shop

cpoker.pro

ome-remodeling-16949.bond

andu.shop

hubbychicocharmqs.shop

onghi292.top

ussines-web-creators.net

alenspencer.online

ryptogigt.top

epiyiisigorta.online

ental-implants-77717.bond

juta.click

enisehirevleriarnavutkoy.xyz

Targets

- Target
  
  68c3605100b20d0e04a069565f5ce7f6f55b7546f52dcf22328e3a321637e361.exe
- Size
  
  21KB
- MD5
  
  223b42adc2e6eeb342664ffa633c3a6a
- SHA1
  
  00612d9ce02cde93cd73eebcbee0deece4da3f8f
- SHA256
  
  68c3605100b20d0e04a069565f5ce7f6f55b7546f52dcf22328e3a321637e361
- SHA512
  
  8c2e1ca20137aa4871509dbf17d27eeed4ae13433f95b63eda48570b2158317d3d72edda78f7b6c43bbc4f39c5bf84d83988c6afd6a5e6f1bdcda331f82c6847
- SSDEEP
  
  384:cs+2GqOOyQuluvnDS3d2dD03jVsV8ftnokwRwAoDNwAUPNtdI6+eQAozrBtHzkL:cs+2G8ZQ+SXjWooPjBBAtHzae6eX
Score

10^/10

formbook o62s discovery persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooko62sdiscoverypersistenceratspywarestealertrojan

behavioral2

formbooko62sdiscoverypersistenceratspywarestealertrojan