formbook | c4147dce1e2af54d878eb35144f9350b85dd3173497e3572d4d8d4e52b89e3ab | Triage

Sharing

General

Target

JaffaCakes118_c4147dce1e2af54d878eb35144f9350b85dd3173497e3572d4d8d4e52b89e3ab
Size

347KB
Sample

241229-abgezswmgk
MD5

a64f6d5413e6833c4b4c98c27a884835
SHA1

b3cec8030948c1e5d5a811740db6fdfeb211baf5
SHA256

c4147dce1e2af54d878eb35144f9350b85dd3173497e3572d4d8d4e52b89e3ab
SHA512

6a3dc845d8b2b4d35cf06f34fb4959cd4cb9c1cc9c81731fa9f7ea5b2c6a9c95c8d10c6c580f7827b654ff3f6e9fe031b615117486d676a387697afc1e9d05e3
SSDEEP

6144:l9GlFyxBwu66OcfQ+/5BE/UUTecI6DQKrCLxGTbaUoR28IQ97GED886j:lAcV6DO56/UJj6cGwxsbBoo8IQc20

Score

10^/10

formbook rzt discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rzt

Decoy

travelbykeystone.com

gardenstoresupply.com

tobelias.com

thecosmicdna.com

lmshawaii.com

icorn.finance

afontoto.com

usbracesbest.com

unity-title.com

kindredanimal.com

milestonecms.com

aljazeerahlounge.com

jokcreates.com

justjazzythings.com

tiktokbestdeals.com

ww-marketing.com

humblehousekeep.com

alloreklama.com

cranecurrency.info

maraisman.com

Targets

- Target
  
  2.vexe
- Size
  
  431KB
- MD5
  
  39f5517cde8252f68c878e5956071441
- SHA1
  
  336464c016ef58f9e82075754f200dbe59b593e4
- SHA256
  
  7cf9a8e9f9164be0f93bfb8810892a0dbaf5f7748105a8375afa3cc558f9d940
- SHA512
  
  a9f6960f08dd58cdeb5323d8f5d7e12439de61b1f83877a916596a3acb72c6e2bfdf6865da623c9c7bec2996e02446d029ce7a53e2b35484be31468b477d97a4
- SSDEEP
  
  6144:kmdYfNunWu1IA2UcaYYeAJ3NSMv4DKj1EulrsbCwOI/4WJUsJw3Gp0Xm2YcHYeQm:PDWuqUc5ohNSA4s+uGz/Li2WXm2Yo
Score

10^/10

formbook rzt discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookrztdiscoveryratspywarestealertrojan

behavioral2

formbookrztdiscoveryratspywarestealertrojan