formbook | b60cc5eef23df54a8527f68b650ded50b8fe732bfc36132fc32f90c7eb583d38 | Triage

Sharing

General

Target

JaffaCakes118_b60cc5eef23df54a8527f68b650ded50b8fe732bfc36132fc32f90c7eb583d38
Size

299KB
Sample

241224-289xcazrcp
MD5

aacab636b93f92201430858cad0385ec
SHA1

fcd5bbe1fc72825fb4992ebbf3384f3f9b6f0b99
SHA256

b60cc5eef23df54a8527f68b650ded50b8fe732bfc36132fc32f90c7eb583d38
SHA512

0534cc01e016117823c68ea370c2ba798529af02f965e2659a7ace447cda942260548eaed0400b0619ea94a502abc5d70391d7402b21ad1ac10637f767410e10
SSDEEP

6144:9n/NQAclKwC2Lsh5TlfOWqomE3f0EfVOkVHNSKIa:9/NlbllIEfRVHNga

Score

10^/10

formbook dmr discovery persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dmr

Decoy

thietkewebngay.com

fdgre.com

silverbuzzer.com

d55105.com

ccc693.com

diptya.net

oleasalon.com

vjvtjkic.biz

edmsociety.com

siyahmaske.win

lmnp-occasion.com

platocosmos.com

fakua.top

albertabarricade.com

kakaninrecipes.com

bestsmokeapp.com

hotelsitaly.online

brewtopiaapp.com

1q1twoother.men

wwwmaharashtratimes.com

Targets

- Target
  
  53e82df8699686a1b36c364f243e9f5f9436e454f4dbf1fafd655d4049764e85.bin
- Size
  
  461KB
- MD5
  
  bd53de78fae3410bc6a613d550b8b9a9
- SHA1
  
  74080b1789acb88b2cdb7cef3b06ef7bd9feaa90
- SHA256
  
  53e82df8699686a1b36c364f243e9f5f9436e454f4dbf1fafd655d4049764e85
- SHA512
  
  b507beaaece7e84c6f7d854d1da525c2e6fa894ecb266ae7000a56dcfaee15382ef54f40f047757ea6c59d5c97b2372f32266f475bf300aa8e00d517fc774075
- SSDEEP
  
  6144:ntB5iXq4NYHjLS1hxr0pIHJyxq9ira1+1krWG/G/BH:tmx2HUhN0pIHqqwtYWG/Gd
Score

10^/10

formbook dmr discovery persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookdmrdiscoverypersistenceratspywarestealertrojan

behavioral2